Security Advisory: Symantec Enterprise Vault Unquoted Search Path in the File Collector and File PlaceHolder services

Article:TECH204135  |  Created: 2013-03-21  |  Updated: 2013-03-21  |  Article URL
Article Type
Technical Solution



Symantec was notified of an unquoted search path issue impacting the File Collector and File PlaceHolder services for Windows deployed as part of Symantec Enterprise Vault for File System Archiving. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system.  A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot.  If successful, the local user’s code would execute with the elevated privileges of the application.  Additional information on this advisory can be found in SYM13-003.

What is Affected:
The following server versions of Symantec Enterprise Vault are affected:

  • Enterprise Vault for File System Archiving 10.0
  • Enterprise Vault for File System Archiving 9.0, 9.0.1, 9.0.2, and 9.0.3
  • Enterprise Vault for File System Archiving 8.x


Symantec is not aware of exploitation of or adverse customer impact from this issue.

The fix was incorporated into versions 9.0.4, 10.0.1 and later of Symantec Enterprise Vault. Symantec recommends upgrading to one of these versions of the software.  Refer to TECH54592 for additional information on how to upgrade.

Subscribe to this TechNote:
Subscribe to this article by clicking on the Subscribe via email link on this page to receive notification when this article is updated.

Software Alerts:
If this TechNote was not received from the Symantec Email Notification Service as a Software Alert, please subscribe via email and/or RSS.  For more information refer to article HOWTO31128 for additional information.

Symantec Strongly Recommends the Following Best Practices:

  • Restrict access to administration or management systems to privileged users.
  • Restrict remote access, if required, to trusted/authorized systems only.
  • Run under the principle of least privilege where possible to limit the impact of exploit by threats.
  • Keep all operating systems and applications updated with the latest vendor patches.
  • Follow a multi-layered approach to security. Run both firewall and anti-malware applications, at a minimum, to provide multiple points of detection and protection to both inbound and outbound threats.
  • Deploy network and host-based intrusion detection systems to monitor network traffic for signs of anomalous or suspicious activity. This may aid in detection of attacks or malicious activity related to exploitation of latent vulnerabilities


Article URL

Terms of use for this information are found in Legal Notices