V-093: Symantec PGP Desktop Buffer Overflows Let Local Users Gain Elevated Privileges

February 18, 2013 - 12:53am

PROBLEM:

Symantec PGP Desktop Buffer Overflows Let Local Users Gain Elevated Privileges

PLATFORM:

Symantec PGP Desktop 10.2.x, 10.1.x, 10.0.x
Symantec Encryption Desktop 10.3.0

ABSTRACT:

Two vulnerabilities were reported in Symantec PGP Desktop.

REFERENCE LINKS:

Symantec Security Advisory SYM13-001
Bugtraq ID: 57170
SecurityTracker Alert ID: 1028145
CVE-2012-4351
CVE-2012-4352

IMPACT ASSESSMENT:

Medium

DISCUSSION:

A local user can trigger an integer overflow in 'pgpwded.sys' to execute arbitrary code on the target system [CVE-2012-4351].

On Windows XP and Windows Server 2003, a local user can trigger a buffer overflow [CVE-2012-4352].

IMPACT:

A local user can obtain elevated privileges on the target system.

SOLUTION:

The vendor has issued a fix (10.3.0 maintenance pack 1).

The Symantec Desktop Encryption maintenance update may be obtained through normal Symantec support locations.