Symantec Encryption Desktop Multiple DoS Vulnerabilities

Medium Nessus Plugin ID 73689


The remote host has an application installed that is affected by multiple denial of service vulnerabilities.


The remote host has a version of Symantec Encryption Desktop (formerly PGP Desktop) installed that is affected by two denial of service vulnerabilities due to improper handling of data when parsing specifically formatted certificates. An attacker could potentially exploit this vulnerability by tricking a user into attempting to parse a specially crafted certificate in order to cause an application crash.


Apply Symantec Encryption Desktop 10.3.2 maintenance pack 1.

See Also

Plugin Details

Severity: Medium

ID: 73689

File Name: pgp_desktop_10_3_2_mp1.nasl

Version: $Revision: 1.3 $

Type: local

Agent: windows

Family: Windows

Published: 2013/04/23

Modified: 2014/04/30

Dependencies: 64852

Risk Information

Risk Factor: Medium


Base Score: 4.3

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:symantec:encryption_desktop, cpe:/a:pgp:desktop_for_windows

Required KB Items: SMB/symantec_encryption_desktop/Version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2014/04/15

Vulnerability Publication Date: 2014/04/23

Reference Information

CVE: CVE-2014-1646, CVE-2014-1647

BID: 67016, 67020

OSVDB: 106212, 106213