Symantec Encryption Desktop 10.x < 10.3.2 MP3 DoS
Medium Nessus Plugin ID 77406
Synopsis
The remote host has a data encryption application installed that is affected by a denial of service vulnerability.

Description
The version of Symantec Encryption Desktop installed on the remote host is version 10.x prior to 10.3.2 MP3. It is, therefore, affected by a denial of service vulnerability. The flaw is due to a failure to properly limit decompressed file size during the decryption process of a specially crafted encrypted email. Decryption of an excessively large compressed message could cause high memory and CPU usage, resulting in a denial of service as the system becomes unresponsive during the decompression attempt.

Solution
Upgrade to Symantec Encryption Desktop 10.3.2 MP3 or later.