CVE-2014-1647
Severity: low
CVSS v3: —
CVSS v2: 2.6
VIR risk: 2.6
Description
Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop Professional 10.3.x before 10.3.2 MP1 do not properly perform block-data moves, which allows remote attackers to cause a denial of service (read access violation and application crash) via a malformed certificate.
Predictions
Exploit likelihood: 20%
Patch ETA: —
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: secure@symantec.com — http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140423_00
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| symantec | pgp_desktop | 10.0.0 | |
| symantec | pgp_desktop | 10.0.1 | |
| symantec | pgp_desktop | 10.0.2 | |
| symantec | pgp_desktop | 10.0.3 | |
| symantec | pgp_desktop | 10.1.0 | |
| symantec | pgp_desktop | 10.1.1 | |
| symantec | pgp_desktop | 10.1.2 | |
| symantec | pgp_desktop | 10.2.0 | |
| symantec | pgp_desktop | 10.2.1 | |
| symantec | pgp_desktop | 10.2.2 | |
| symantec | encryption_desktop | 10.3.0 | |
| symantec | encryption_desktop | 10.3.1 | |
| symantec | encryption_desktop | 10.3.2 | |
References
- http://www.securityfocus.com/bid/67020
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140423_00
CWEs
CWE-119