Symantec PGP Desktop And Encryption Desktop Integer Overflow Vulnerability Network Vulnerability

Summary

The host is installed with Symantec PGP/Encryption Desktop and is prone to integer overflow vulnerability.

Impact

Successful exploitation will allow remote unauthenticated attacker to execute arbitrary code and or gain escalated privileges. Impact Level: Application

Solution

Upgrade to version 10.3.0 MP1 or later, For updates refer to http://www.symantec.com

Insight

Flaw is due to an unspecified error in pgpwded.sys.

Affected

Symantec PGP Desktop 10.0.x, 10.1.x, and 10.2.x Symantec Encryption Desktop 10.3.0 prior to 10.3.0 MP1

Detection

Get the installed version with the help of detect NVT and check the version is vulnerable or not.

References

http://secunia.com/advisories/51762
http://secunia.com/advisories/52219
http://www.osvdb.com/88920

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-4351

CVSS	Base Score: 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Reader 'file://' URL Information Disclosure Vulnerability Feb07 (Linux)
Apple Mac OS X Authentication Bypass Vulnerability
Arora Common Name SSL Certificate Spoofing Vulnerability (Linux)
Adobe Flex SDK 'SWF' Files Cross-Site Scripting Vulnerability (Windows)
Asterisk Missing ACL Check Remote Security Bypass Vulnerability

Symantec PGP Desktop and Encryption Desktop Integer Overflow Vulnerability

Take action and discover your vulnerabilities