Symantec Encryption Desktop Unquoted Search Path Security Advisory

Article:AL1470  |  Created: 2013-08-01  |  Updated: 2013-08-05  |  Article URL http://www.symantec.com/docs/AL1470
Article Type
Alerts

Product(s)

Description



Symantec PGP and Symantec Encryption Desktop client has an unquoted search path in RDDService. This could provide a non-privileged local user the ability to successfully insert arbitrary code in the root path.

Symantec Response

The vulnerable RDDService is no longer used in Symantec Encryption Desktop. Symantec engineers have removed this service from Symantec Encryption Desktop. Symantec recommends upgrading to the latest version of Symantec Encryption Desktop. Symantec is not aware of exploitation of or adverse customer impact from this issue.

This issue is fixed in Symantec Encryption Desktop 10.3.0  MP3.

For more information, see the Security Advisory.



Article URL http://www.symantec.com/docs/AL1470


Terms of use for this information are found in Legal Notices