CVE-2014-3431CVE-2014-3431

Affected configuration(s):

cpe:/a:symantec:encryption_desktop:10.3.0::~~professional~~~
cpe:/a:symantec:encryption_desktop:10.3.1::~~professional~~~
cpe:/a:symantec:encryption_desktop:10.3.2:-:~~professional~~~
cpe:/a:symantec:encryption_desktop:10.3.2:mp1:~~professional~~~
cpe:/a:symantec:pgp_desktop:10.0.0
cpe:/a:symantec:pgp_desktop:10.0.1
cpe:/a:symantec:pgp_desktop:10.0.2
cpe:/a:symantec:pgp_desktop:10.0.3
cpe:/a:symantec:pgp_desktop:10.1.0
cpe:/a:symantec:pgp_desktop:10.1.1
cpe:/a:symantec:pgp_desktop:10.1.2
cpe:/a:symantec:pgp_desktop:10.2.0
cpe:/a:symantec:pgp_desktop:10.2.1
cpe:/a:symantec:pgp_desktop:10.2.2

Date published: 2014-06-21T11:55:04.680-04:00

Date last modified: 2017-01-06T21:59:59.237-05:00

CVSS Score: 4.3

Principal attack vector: LOCAL

Complexity:  LOW

Reference URL: http://secunia.com/advisories/59421

Summary: Symantec PGP Desktop 10.x, and Encryption Desktop Professional 10.3.x before 10.3.2 MP2, on OS X uses world-writable permissions for temporary files, which allows local users to bypass intended restrictions on file reading, modification, creation, and permission changes via unspecified vectors.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *