Lucene search

[email protected]CVE-2015-1484

HistoryApr 22, 2015 - 10:59 a.m.

CVE-2015-1484

2015-04-2210:59:00

[email protected]

web.nvd.nist.gov

cve-2015-1484

symantec

workspace streaming

sws

unquoted search path

windows vulnerability

local privilege escalation

8.8 High

AI Score

Confidence

High

6.9 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

9.4%

JSON

Unquoted Windows search path vulnerability in the agent in Symantec Workspace Streaming (SWS) 6.1 before SP8 MP2 HF7 and 7.5 before SP1 HF4, when AppMgrService.exe is configured as a service, allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory, as demonstrated by program.exe.

Affected configurations

NVD

Node

symantecworkspace_streamingMatch6.1sp8

symantecworkspace_streamingMatch7.5sp1

CPENameOperatorVersion
symantec:workspace_streamingsymantec workspace streamingeq6.1
symantec:workspace_streamingsymantec workspace streamingeq7.5

CPE	Name	Operator	Version
symantec:workspace_streaming	symantec workspace streaming	eq	6.1
symantec:workspace_streaming	symantec workspace streaming	eq	7.5

References

www.securityfocus.com/bid/73925

www.securitytracker.com/id/1032133

www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150410_00

8.8 High

AI Score

Confidence

High

6.9 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

9.4%

JSON

Related for CVE-2015-1484

nvd1 prion1 nessus1 openvas2 cvelist1 symantec1