PROBLEM:
Symantec PGP Desktop Buffer Overflows Let Local Users Gain Elevated Privileges
PLATFORM:
Symantec PGP Desktop 10.2.x, 10.1.x, 10.0.x
Symantec Encryption Desktop 10.3.0
ABSTRACT:
Two vulnerabilities were reported in Symantec PGP Desktop.
REFERENCE LINKS:
Symantec Security Advisory SYM13-001
Bugtraq ID: 57170
SecurityTracker Alert ID: 1028145
CVE-2012-4351
CVE-2012-4352
IMPACT ASSESSMENT:
Medium
DISCUSSION:
A local user can trigger an integer overflow in 'pgpwded.sys' to execute arbitrary code on the target system [CVE-2012-4351].
On Windows XP and Windows Server 2003, a local user can trigger a buffer overflow [CVE-2012-4352].
IMPACT:
A local user can obtain elevated privileges on the target system.
SOLUTION:
The vendor has issued a fix (10.3.0 maintenance pack 1).
The Symantec Desktop Encryption maintenance update may be obtained through normal Symantec support locations.