CVE-2014-1646CVE-2014-1646

Affected configuration(s):

cpe:/a:symantec:encryption_desktop:10.3.0::~~professional~~~
cpe:/a:symantec:encryption_desktop:10.3.1::~~professional~~~
cpe:/a:symantec:encryption_desktop:10.3.2:-:~~professional~~~
cpe:/a:symantec:pgp_desktop:10.0.0
cpe:/a:symantec:pgp_desktop:10.0.1
cpe:/a:symantec:pgp_desktop:10.0.2
cpe:/a:symantec:pgp_desktop:10.0.3
cpe:/a:symantec:pgp_desktop:10.1.0
cpe:/a:symantec:pgp_desktop:10.1.1
cpe:/a:symantec:pgp_desktop:10.1.2
cpe:/a:symantec:pgp_desktop:10.2.0
cpe:/a:symantec:pgp_desktop:10.2.1
cpe:/a:symantec:pgp_desktop:10.2.2

Date published: 2014-04-23T15:55:05.237-04:00

Date last modified: 2014-04-24T14:00:48.890-04:00

CVSS Score: 2.6

Principal attack vector: NETWORK

Complexity:  HIGH

Reference URL: http://www.securityfocus.com/bid/67016

Summary: Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop Professional 10.3.x before 10.3.2 MP1 do not properly perform memory copies, which allows remote attackers to cause a denial of service (read access violation and application crash) via a malformed certificate.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.