Symantec Encryption Desktop Local Access Elevation of Privilege Vulnerabilities

Medium Nessus Plugin ID 64853

Synopsis

The remote host has an application installed that is affected by multiple privilege escalation vulnerabilities.

Description

The remote host has a version of Symantec Encryption Desktop (formerly PGP Desktop) installed that is affected by two privilege escalation vulnerabilities that can be triggered by exploiting a buffer overflow or integer overflow flaw in 'pgpwded.sys'.

By running a specially crafted program, a local attacker could execute arbitrary code with privileged access.

Solution

Apply Symantec Encryption Desktop 10.3.0 maintenance pack 1.

See Also

http://www.nessus.org/u?655c5aca

Plugin Details

Severity: Medium

ID: 64853

File Name: pgp_desktop_10_3_0_8741.nasl

Version: 1.5

Type: local

Agent: windows

Family: Windows

Published: 2013/02/22

Updated: 2018/11/15

Dependencies: 64852

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 6.9

Temporal Score: 5.4

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:symantec:encryption_desktop, cpe:/a:pgp:desktop_for_windows

Required KB Items: SMB/symantec_encryption_desktop/Version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2013/02/13

Vulnerability Publication Date: 2013/02/13

Reference Information

CVE: CVE-2012-4351, CVE-2012-6533

BID: 57835, 57170