CVE-2013-1609 - Multiple unquoted Windows search path vulnerabilities in the (1) File Collector and (2) File PlaceHo

CVE-2013-1609

Summary

Multiple unquoted Windows search path vulnerabilities in the (1) File Collector and (2) File PlaceHolder services in Symantec Enterprise Vault (EV) for File System Archiving before 9.0.4 and 10.x before 10.0.1 allow local users to gain privileges via a Trojan horse program.

References

Vulnerable Configurations

cpe:2.3:a:symantec:enterprise_vault_for_file_system_archiving:*:*:*:*:*:*:*:*
cpe:2.3:a:symantec:enterprise_vault_for_file_system_archiving:*:*:*:*:*:*:*:*
cpe:2.3:a:symantec:enterprise_vault_for_file_system_archiving:10.0.0:*:*:*:*:*:*:*
cpe:2.3:a:symantec:enterprise_vault_for_file_system_archiving:10.0.0:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 27-03-2013 - 13:25)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	SINGLE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:S/C:C/I:C/A:C

refmap via4

bid	58617
confirm	http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130321_00

Last major update

27-03-2013 - 13:25

Published

26-03-2013 - 14:07

Last modified

27-03-2013 - 13:25