Fortinet Discovers Panda Security VPN DLL Pre-Loading Vulnerability
Fortinet's FortiGuard Labs has discovered a DLL preloading vulnerability in Panda Security VPN for Windows.
Panda Security VPN is a Virtual Private Network application that lets users access all Internet content safely and privately, TV shows, social networks, sports and news channels, video/audio streaming, dating sites, video games from anywhere in the world. It protects user data and identity in home, at work and in public environments. It encrypts user data and communications.
Panda Security VPN for Windows is susceptible to a DLL preloading vulnerability. The issue occurs when the application looks to load a DLL for execution and an attacker provides a malicious DLL to use instead. The application generally follows a specific search path to locate the DLL. The vulnerability can be exploited by a simple file write (or potentially an over-write) which results in a foreign DLL running under the context of the application.
Users should apply the solution provided by Panda Security.
Fortinet reported the vulnerability to Panda Security
This vulnerability was discovered by Kushal Arvind Shah of Fortinet's FortiGuard Labs.