The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Symantec Encryption Desktop

vulnerability 24640

Symantec Encryption Desktop, Endpoint Encryption: privilege escalation via NTFS Hard Disk

Synthesis of the vulnerability

An attacker can bypass restrictions via NTFS Hard Disk of Symantec Encryption Desktop, Endpoint Encryption, in order to escalate his privileges.
Impacted products: Symantec Encryption Desktop, Symantec Endpoint Encryption.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 04/12/2017.
Identifiers: VIGILANCE-VUL-24640.

Description of the vulnerability

An attacker can bypass restrictions via NTFS Hard Disk of Symantec Encryption Desktop, Endpoint Encryption, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2017-13679 CVE-2017-13682

Symantec Encryption Desktop: denial of service

Synthesis of the vulnerability

An attacker can generate a fatal error of Symantec Encryption Desktop, in order to trigger a denial of service.
Impacted products: Symantec Encryption Desktop.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 10/10/2017.
Identifiers: CVE-2017-13679, CVE-2017-13682, SYM17-010, VIGILANCE-VUL-24067.

Description of the vulnerability

An attacker can generate a fatal error of Symantec Encryption Desktop, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2017-6330

Symantec Encryption Desktop: denial of service

Synthesis of the vulnerability

An attacker can generate a fatal error of Symantec Encryption Desktop, in order to trigger a denial of service.
Impacted products: Symantec Encryption Desktop.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: intranet client.
Creation date: 08/09/2017.
Identifiers: CVE-2017-6330, SYM17-008, VIGILANCE-VUL-23790.

Description of the vulnerability

An attacker can generate a fatal error of Symantec Encryption Desktop, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2014-3436

Symantec Encryption Desktop: denial of service via compressed encrypted e-mail

Synthesis of the vulnerability

An attacker can send special compressed messages to a user of Symantec Encryption Desktop, in order to trigger a denial of service.
Impacted products: Symantec Encryption Desktop.
Severity: 2/4.
Consequences: denial of service on client.
Provenance: internet client.
Creation date: 22/08/2014.
Identifiers: CVE-2014-3436, SYM14-014, VIGILANCE-VUL-15220.

Description of the vulnerability

The Symantec Encryption Desktop product offers functions to encrypt e-mail.

Encrypted messages are ofter compressed before being actually encrypted. The size of a decompressed message is not predictable. However, Symantec Encryption Desktop does not enforce limits to the uncompress process. An attacker can do build a message the processing of which will require a large amount of memory, CPU time and perhaps disk space.

An attacker can therefore send a special compressed message to a user of Symantec Encryption Desktop, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2014-3431

Symantec PGP Desktop, Encryption Desktop: file manipulation on OS X

Synthesis of the vulnerability

A local attacker can alter a file of Symantec PGP Desktop or Encryption Desktop installed on OS X, in order to create a file or to change permissions.
Impacted products: Symantec Encryption Desktop, PGP Desktop.
Severity: 2/4.
Consequences: data creation/edition.
Provenance: user shell.
Creation date: 23/06/2014.
Identifiers: BID-68077, CVE-2014-3431, SYM14-011, VIGILANCE-VUL-14920.

Description of the vulnerability

The Symantec PGP Desktop or Symantec Encryption Desktop product can be installed on OS X.

However, some files are installed with world-writeable permissions. A local attacker can thus alter them:
 - to create new files, or
 - to change permissions of an existing file.

A local attacker can therefore alter a file of Symantec PGP Desktop or Encryption Desktop installed on OS X, in order to create a file or to change permissions.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2014-1646 CVE-2014-1647

Symantec Encryption Desktop: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Symantec Encryption Desktop.
Impacted products: Symantec Encryption Desktop, PGP Desktop.
Severity: 1/4.
Consequences: denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 24/04/2014.
Identifiers: BID-67016, BID-67020, CVE-2014-1646, CVE-2014-1647, SYM14-007, VIGILANCE-VUL-14638.

Description of the vulnerability

Several vulnerabilities were announced in Symantec Encryption Desktop.

An attacker can invite the victim to open a malicious certificate file, in order to access to an invalid memory area during a memory copy, in order to trigger a denial of service. [severity:1/4; BID-67016, CVE-2014-1646]

An attacker can invite the victim to open a malicious certificate file, in order to access to an invalid memory area during a block data move, in order to trigger a denial of service. [severity:1/4; BID-67020, CVE-2014-1647]
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2013-1610

Symantec PGP/Encryption Desktop: privilege escalation via RDDService

Synthesis of the vulnerability

A local attacker can store a malicious program in the PATH of RDDService of Symantec PGP/Encryption Desktop, in order to escalate his privileges.
Impacted products: Symantec Encryption Desktop, PGP Desktop.
Severity: 2/4.
Consequences: administrator access/rights.
Provenance: user shell.
Creation date: 02/08/2013.
Identifiers: BID-61489, CVE-2013-1610, SYM13-010, VIGILANCE-VUL-13193.

Description of the vulnerability

The Symantec PGP Desktop and Symantec Encryption Desktop products install the RDDService service.

However, this service calls an external command without using its full access path.

A local attacker can therefore store a malicious program in the PATH of RDDService of Symantec PGP/Encryption Desktop, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2012-4351 CVE-2012-6533

Symantec PGP, Encryption Desktop: privilege elevation

Synthesis of the vulnerability

A local attacker can use two vulnerabilities of Symantec PGP/Encryption Desktop, in order to execute code with system privileges.
Impacted products: Symantec Encryption Desktop, PGP Desktop.
Severity: 2/4.
Consequences: administrator access/rights.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 2.
Creation date: 15/02/2013.
Identifiers: BID-57170, BID-57835, CERTA-2013-AVI-135, CVE-2012-4351, CVE-2012-4352-ERROR, CVE-2012-6533, SYM13-001, VIGILANCE-VUL-12429.

Description of the vulnerability

The Symantec PGP/Encryption Desktop product installs the pgpwded.sys driver. However, it is impacted by two vulnerabilities.

An attacker can trigger an integer overflow. [severity:2/4; BID-57170, CVE-2012-4351]

On Windows XP/2003, an attacker can trigger a buffer overflow. [severity:2/4; BID-57835, CVE-2012-4352-ERROR, CVE-2012-6533]

A local attacker can therefore use two vulnerabilities of Symantec PGP/Encryption Desktop, in order to execute code with system privileges.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.