1. CVE-Search
  2. CVE-2015-1484
ID CVE-2015-1484
Summary Unquoted Windows search path vulnerability in the agent in Symantec Workspace Streaming (SWS) 6.1 before SP8 MP2 HF7 and 7.5 before SP1 HF4, when AppMgrService.exe is configured as a service, allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory, as demonstrated by program.exe. <a href="http://cwe.mitre.org/data/definitions/426.html">CWE-426: Untrusted Search Path</a>
References
Vulnerable Configurations
  • cpe:2.3:a:symantec:workspace_streaming:6.1:sp8:*:*:*:*:*:*
    cpe:2.3:a:symantec:workspace_streaming:6.1:sp8:*:*:*:*:*:*
  • cpe:2.3:a:symantec:workspace_streaming:7.5:sp1:*:*:*:*:*:*
    cpe:2.3:a:symantec:workspace_streaming:7.5:sp1:*:*:*:*:*:*
CVSS
Base: 6.9 (as of 03-01-2017 - 02:59)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:L/AC:M/Au:N/C:C/I:C/A:C
refmap via4
bid 73925
confirm http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150410_00
sectrack 1032133
Last major update 03-01-2017 - 02:59
Published 22-04-2015 - 10:59
Last modified 03-01-2017 - 02:59
Back to Top