CVE-2015-8156 - Unquoted Windows search path vulnerability in EEDService in Symantec Endpoint Encryption (SEE) 11.x

CVE-2015-8156

Summary

Unquoted Windows search path vulnerability in EEDService in Symantec Endpoint Encryption (SEE) 11.x before 11.1.1 allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory, as demonstrated by program.exe. <a href="http://cwe.mitre.org/data/definitions/426.html">CWE-426: Untrusted Search Path</a>

References

Vulnerable Configurations

cpe:2.3:a:symantec:endpoint_encryption:11.0:*:*:*:*:*:*:*
cpe:2.3:a:symantec:endpoint_encryption:11.0:*:*:*:*:*:*:*
cpe:2.3:a:symantec:endpoint_encryption:11.0.0:*:*:*:*:*:*:*
cpe:2.3:a:symantec:endpoint_encryption:11.0.0:*:*:*:*:*:*:*
cpe:2.3:a:symantec:endpoint_encryption:11.0.1:*:*:*:*:*:*:*
cpe:2.3:a:symantec:endpoint_encryption:11.0.1:*:*:*:*:*:*:*

CVSS

Base:	7.2 (as of 18-05-2016 - 22:37)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	90050
confirm	http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&suid=20160506_00

Last major update

18-05-2016 - 22:37

Published

14-05-2016 - 01:59

Last modified

18-05-2016 - 22:37