Nettitude Blog

Panda Security 2016 Home User Products - Privilege Escalation

Posted by Kyriakos Economou on Apr 5, 2016 12:00:51 PM
  • CVE: CVE-2015-7378
  • Vendor: Panda Security
  • Reported by: Kyriakos Economou
  • Date of Release: 05/04/2016
  • Affected Products: Multiple
  • Affected Version: Panda Security URL Filtering < v4.3.1.9
  • Fixed Version: Panda Security URL Filtering v4.3.1.9


All Panda Security 2016 home user products for Windows are vulnerable to privilege escalation, which allows a local attacker to execute code as SYSTEM from any account (guest included), thus completely compromising the affected host.

Affected Products:

Panda Gold Protection 2016 v16.0.1
Panda Global Protection 2016 v16.0.1
Panda Internet Security 2016 v16.0.1
Panda Antivirus Pro 2016 v16.0.1
Panda Free Antivirus v16.0.1


A local attacker can elevate his privileges from any user account and execute code as SYSTEM.

Technical Details:

By default all the aforementioned products install (current version:, which creates a service named 'panda_url_filtering' that runs as SYSTEM. The executable modules are by default installed in "C:\ProgramData\Panda Security URL Filtering" directory. However, the ACLs assigned to the directory itself, and to the rest of the installed files, allow any user to modify those files and/or substitute them with malicious ones. A local attacker can easily execute code with SYSTEM account privileges by modifying or substituting the main executable module of this service, 'Panda_URL_Filteringb.exe', which will run at the next reboot of the host.

Disclosure Log:

Vendor Contacted: 28/09/2015
Public Disclosure: 05/04/2016


Copyright © Nettitude Limited 2016, All rights reserved worldwide.


The information herein contained may change without notice. Any use of this information is at the user’s risk and discretion and is provided with no warranties. Nettitude and the author cannot be held liable for any impact resulting from the use of this information.

To contact Nettitude’s editor, please email

Topics: Security Blog, Uncategorized

About Nettitude

Nettitude is the trusted cyber security provider to thousands of businesses around the world. We stop at nothing to keep your data and business secure in an age of ever-evolving cyber threats.

In 2018, Nettitude became part of Lloyd’s Register, an 8,000 person strong professional services organisation, with 300 years of heritage in safety and risk management. Nettitude now provides true global coverage, through a network of over 180 offices strategically placed around the globe.

Subscribe Here!

Recent Posts