https://www.exploit-db.com/exploits/19855
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200004-041

未使能注册表编辑的PandaSecurity3.0存在漏洞，用户可以通过直接执行.reg文件或其他方法编辑注册表和获取特权。

source: http://www.securityfocus.com/bid/1119/info

Panda Security is a user management application for Windows 9x. With it, certain functions can be prohibited for specific users.

One of the restrictive policies possible is to disable registry editing. However, even with this feature activated, any user can edit the registry by either executing a *.reg file or renaming and then executing regedit.exe. As the restriction settings for Panda are stored in the registry, this weakness negates the effectiveness of the rest of the Panda software.

In addition, users can uninstall Panda Security through the Add/Remove Programs applet in the Control Panel. An error message will appear when the user attempts to uninstall Panda Security. However upon reboot, the application will have been successfully uninstalled.

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/19855.zip

来源:updates.pandasoftware.com
链接:http://updates.pandasoftware.com/docs/us/Avoidvulnerability.zip
来源:BUGTRAQ
名称:20000417bugsinPandaSecurity3.0
链接:http://www.securityfocus.com/templates/archive.pike?list=1&msg;[email protected]
来源:BID
名称:1119
链接:http://www.securityfocus.com/bid/1119