CVE-2013-1609

Multiple unquoted Windows search path vulnerabilities in the (1) File Collector and (2) File PlaceHolder services in Symantec Enterprise Vault (EV) for File System Archiving before 9.0.4 and 10.x before 10.0.1 allow local users to gain privileges via a Trojan horse program.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:S/C:C/I:C/A:C

Exploitability : 3.1 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.securityfocus.com/bid/58617
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130321_00

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:symantec:enterprise_vault_for_file_system_archiving::::::::
	cpe:2.3:a:symantec:enterprise_vault_for_file_system_archiving:10.0.0:::::::*

History

No history.

Information

Published : 2013-03-26 14:07

Updated : 2024-02-28 12:00

NVD link : CVE-2013-1609

Mitre link : CVE-2013-1609

CVE.ORG link : CVE-2013-1609

JSON object : View

Products Affected

symantec

enterprise_vault_for_file_system_archiving

CWE

NVD-CWE-Other

{"id": "CVE-2013-1609", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.1, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-03-26T14:07:27.770", "references": [{"url": "http://www.securityfocus.com/bid/58617", "source": "secure@symantec.com"}, {"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130321_00", "source": "secure@symantec.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Multiple unquoted Windows search path vulnerabilities in the (1) File Collector and (2) File PlaceHolder services in Symantec Enterprise Vault (EV) for File System Archiving before 9.0.4 and 10.x before 10.0.1 allow local users to gain privileges via a Trojan horse program."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de ruta no confiable en la b\u00fasqueda no literal de Windows en los servicios (1) File Collector y (2) File PlaceHolder en Symantec Enterprise Vault (EV) para File System Archiving anterior a v9.0.4 y v10.x anterior a v10.0.1, permite a usuarios locales obtener privilegios a trav\u00e9s de un programa tipo troyano."}], "lastModified": "2013-03-27T13:25:55.250", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:symantec:enterprise_vault_for_file_system_archiving:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36C5BBCC-B0C1-4B90-B2DE-5457419CA88A", "versionEndIncluding": "9.0.3"}, {"criteria": "cpe:2.3:a:symantec:enterprise_vault_for_file_system_archiving:10.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E7A76C69-5D78-4287-8E88-D633513CE047"}], "operator": "OR"}]}], "sourceIdentifier": "secure@symantec.com"}