Detections
Analytics

Symantec Encryption Desktop Local Access Elevation of Privilege Vulnerabilities

medium Nessus Plugin ID 64853

Language:

Synopsis

The remote host has an application installed that is affected by multiple privilege escalation vulnerabilities.

Description

The remote host has a version of Symantec Encryption Desktop (formerly PGP Desktop) installed that is affected by two privilege escalation vulnerabilities that can be triggered by exploiting a buffer overflow or integer overflow flaw in 'pgpwded.sys'.

By running a specially crafted program, a local attacker could execute arbitrary code with privileged access.

Solution

Apply Symantec Encryption Desktop 10.3.0 maintenance pack 1.

See Also

http://www.nessus.org/u?655c5aca

Plugin Details

Severity: Medium

ID: 64853

File Name: pgp_desktop_10_3_0_8741.nasl

Version: 1.5

Type: local

Agent: windows

Family: Windows

Published: 2/22/2013

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.3

CVSS v2

Risk Factor: Medium

Base Score: 6.9

Temporal Score: 5.4

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:symantec:encryption_desktop, cpe:/a:pgp:desktop_for_windows

Required KB Items: SMB/symantec_encryption_desktop/Version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/13/2013

Vulnerability Publication Date: 2/13/2013

Reference Information

CVE: CVE-2012-4351, CVE-2012-6533

BID: 57835, 57170