Symantec PGP Desktop And Encryption Desktop Integer Overflow Vulnerability Network Vulnerability

Summary

The host is installed with Symantec PGP/Encryption Desktop and is prone to integer overflow vulnerability.

Impact

Successful exploitation will allow remote unauthenticated attacker to execute arbitrary code and or gain escalated privileges. Impact Level: Application

Solution

Upgrade to version 10.3.0 MP1 or later, For updates refer to http://www.symantec.com

Insight

Flaw is due to an unspecified error in pgpwded.sys.

Affected

Symantec PGP Desktop 10.0.x, 10.1.x, and 10.2.x Symantec Encryption Desktop 10.3.0 prior to 10.3.0 MP1

Detection

Get the installed version with the help of detect NVT and check the version is vulnerable or not.

References

http://secunia.com/advisories/51762
http://secunia.com/advisories/52219
http://www.osvdb.com/88920

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-4351
CVSS Base Score: 6.9
AV:L/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Arris DOCSIS Password Disclosure
Apple Safari 'Webkit' Multiple Vulnerabilities-01 Mar14 (Mac OS X)
Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
Apple Safari WebKit Information Disclosure Vulnerability (Mac OS X)
Apple Safari 'background' Remote Denial Of Service Vulnerability

Symantec PGP Desktop and Encryption Desktop Integer Overflow Vulnerability

Take action and discover your vulnerabilities