CVE-2006-4657 | Vulnerability Database | Aqua Security

Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 stores service executables under the products installation directory with weak permissions, which allows local users to obtain LocalSystem privileges by modifying (1) WebProxy.exe or (2) PAVSRV51.EXE.

Affected Software

Name	Vendor	Start Version	End Version
Panda_platinum_internet_security	Panda	2006_10.02.01 (including)	2006_10.02.01 (including)
Panda_platinum_internet_security	Panda	2007_11.00.00 (including)	2007_11.00.00 (including)

References

http://secunia.com/advisories/21769
http://securityreason.com/securityalert/1524
http://www.security.nnov.ru/advisories/pandais.asp
http://www.securityfocus.com/archive/1/445479/100/0/threaded
http://www.securityfocus.com/archive/1/445889/100/0/threaded
http://www.securityfocus.com/bid/19891
http://www.vupen.com/english/advisories/2006/3514
http://secunia.com/advisories/21769
http://securityreason.com/securityalert/1524
http://www.security.nnov.ru/advisories/pandais.asp
http://www.securityfocus.com/archive/1/445479/100/0/threaded
http://www.securityfocus.com/archive/1/445889/100/0/threaded
http://www.securityfocus.com/bid/19891
http://www.vupen.com/english/advisories/2006/3514

NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-4657
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html