Symantec PGP Desktop 10.x, and Encryption Desktop Professional 10.3.x before 10.3.2 MP2, on OS X uses world-writable permissions for temporary files, which allows local users to bypass intended restrictions on file reading, modification, creation, and permission changes via unspecified vectors.
2014-06-21T15:55:04.680
2025-04-12T10:46:40.837
Deferred
CVSSv2: 4.3 (MEDIUM)
AV:L/AC:L/Au:S/C:P/I:P/A:P
3.1
6.4
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | symantec | encryption_desktop | 10.3.0 | Yes |
| Application | symantec | encryption_desktop | 10.3.1 | Yes |
| Application | symantec | encryption_desktop | 10.3.2 | Yes |
| Application | symantec | encryption_desktop | 10.3.2 | Yes |
| Application | symantec | pgp_desktop | 10.0.0 | Yes |
| Application | symantec | pgp_desktop | 10.0.1 | Yes |
| Application | symantec | pgp_desktop | 10.0.2 | Yes |
| Application | symantec | pgp_desktop | 10.0.3 | Yes |
| Application | symantec | pgp_desktop | 10.1.0 | Yes |
| Application | symantec | pgp_desktop | 10.1.1 | Yes |
| Application | symantec | pgp_desktop | 10.1.2 | Yes |
| Application | symantec | pgp_desktop | 10.2.0 | Yes |
| Application | symantec | pgp_desktop | 10.2.1 | Yes |
| Application | symantec | pgp_desktop | 10.2.2 | Yes |
| Operating System | apple | mac_os_x | * | No |