Symantec Encryption Desktop Unquoted Search Path Security Advisory
|Article:AL1470|||||Created: 2013-08-01|||||Updated: 2013-08-05|||||Article URL http://www.symantec.com/docs/AL1470|
Symantec PGP and Symantec Encryption Desktop client has an unquoted search path in RDDService. This could provide a non-privileged local user the ability to successfully insert arbitrary code in the root path.
The vulnerable RDDService is no longer used in Symantec Encryption Desktop. Symantec engineers have removed this service from Symantec Encryption Desktop. Symantec recommends upgrading to the latest version of Symantec Encryption Desktop. Symantec is not aware of exploitation of or adverse customer impact from this issue.
This issue is fixed in Symantec Encryption Desktop 10.3.0 MP3.
For more information, see the Security Advisory.
Article URL http://www.symantec.com/docs/AL1470