CVE-2014-5307
Panda Security 2014 Products - Heap-Based Buffer Overflow via PavTPK.sys IOCTL Call
Title source: llmDescription
Heap-based buffer overflow in the PavTPK.sys kernel mode driver of Panda Security 2014 products before hft131306s24_r1 allows local users to gain privileges via a crafted argument to a 0x222008 IOCTL call.
References (6)
Core 6
Core References
Mailing List mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2014/Aug/53
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.com/files/127948/Panda-Security-2014-Privilege-Escalation.html
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/533182/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/69293
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/95382
Various Sources x_refsource_misc
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-5307/
Scores
EPSS
0.0057
EPSS Percentile
43.2%
Details
CWE
CWE-119
Status
published
Products (3)
pandasecurity/panda_av_pro_2014
13.01.01
pandasecurity/panda_global_protection_2014
7.01.01
pandasecurity/panda_internet_security_2014
19.01.01
Published
Aug 26, 2014
Tracked Since
Feb 18, 2026