Symantec Encryption Desktop Multiple DoS Vulnerabilities

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote host has an application installed that is affected by
multiple denial of service vulnerabilities.

Description :

The remote host has a version of Symantec Encryption Desktop
(formerly PGP Desktop) installed that is affected by two denial of
service vulnerabilities due to improper handling of data when parsing
specifically formatted certificates. An attacker could potentially
exploit this vulnerability by tricking a user into attempting to parse
a specially crafted certificate in order to cause an application
crash.

See also :

http://www.nessus.org/u?0717a65d

Solution :

Apply Symantec Encryption Desktop 10.3.2 maintenance pack 1.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 3.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 73689 ()

Bugtraq ID: 67016
67020

CVE ID: CVE-2014-1646
CVE-2014-1647

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now