Symantec PGP Desktop Untrusted Search Path Vulnerability Network Vulnerability

Summary

The host is installed with Symantec PGP Desktop and is prone to untrusted search path vulnerability.

Impact

Successful exploitation will allow remote unauthenticated attacker to execute arbitrary code and conduct DLL hijacking attacks. Impact Level: System/Application

Solution

Upgrade to version 10.0.1 or later, For updates refer to http://www.symantec.com

Insight

Flaws is due to the application loading libraries (e.g. tvttsp.dll, tsp.dll) in an insecure manner.

Affected

Symantec PGP Desktop 9.9.0 Build 397, 9.10.x, 10.x prior to 10.0.0 Build 2732

Detection

Get the installed version with the help of detect NVT and check the version is vulnerable or not.

References

http://seclists.org/fulldisclosure/2010/Sep/170
http://secunia.com/advisories/41135

Updated on 2017-03-28

Severity

Classification

CVE CVE-2010-3397
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe AIR Multiple Vulnerabilities-01 Jun14 (Mac OS X)
Adobe Air Multiple Vulnerabilities - December12 (Mac OS X)
Adobe AIR Multiple Vulnerabilities(APSB14-22)-(Windows)
Adobe Acrobat Multiple Unspecified Vulnerabilities -01 May13 (Windows)
Adobe Air Multiple Vulnerabilities -01 August 12 (Mac OS X)

Take action and discover your vulnerabilities