Symantec Encryption Desktop Local Access Elevation of Privilege Vulnerabilities

Medium Nessus Plugin ID 64853


The remote host has an application installed that is affected by multiple privilege escalation vulnerabilities.


The remote host has a version of Symantec Encryption Desktop (formerly PGP Desktop) installed that is affected by two privilege escalation vulnerabilities that can be triggered by exploiting a buffer overflow or integer overflow flaw in 'pgpwded.sys'.

By running a specially crafted program, a local attacker could execute arbitrary code with privileged access.


Apply Symantec Encryption Desktop 10.3.0 maintenance pack 1.

See Also

Plugin Details

Severity: Medium

ID: 64853

File Name: pgp_desktop_10_3_0_8741.nasl

Version: $Revision: 1.3 $

Type: local

Agent: windows

Family: Windows

Published: 2013/02/22

Modified: 2013/08/17

Dependencies: 64852

Risk Information

Risk Factor: Medium


Base Score: 6.9

Temporal Score: 5.1

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:symantec:encryption_desktop, cpe:/a:pgp:desktop_for_windows

Required KB Items: SMB/symantec_encryption_desktop/Version

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2013/02/13

Vulnerability Publication Date: 2013/02/13

Reference Information

CVE: CVE-2012-4351, CVE-2012-6533

BID: 57835, 57170

OSVDB: 88920, 89031