Symantec PGP Whole Disk Encryption 10.2.0 Build 2599 on Windows XP/2003 Privileges pgpwded.sys IOCTL numeric error
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 3.3 | $0-$5k | 0.00 |
Summary
A vulnerability was found in Symantec PGP Whole Disk Encryption 10.2.0 Build 2599 on Windows XP/2003 and classified as problematic. This issue affects some unknown processing of the file pgpwded.sys of the component Privileges. The manipulation with the input 0x80022058 as part of IOCTL results in numeric error.
This vulnerability is reported as CVE-2012-4351. Moreover, an exploit is present.
A patch should be applied to remediate this issue.
Details
A vulnerability was found in Symantec PGP Whole Disk Encryption 10.2.0 Build 2599 on Windows XP/2003. It has been classified as problematic. Affected is an unknown code of the file pgpwded.sys of the component Privileges. The manipulation with the input value 0x80022058 leads to a numeric error vulnerability. CWE is classifying the issue as CWE-189. This is going to have an impact on confidentiality, and integrity. CVE summarizes:
Integer overflow in pgpwded.sys in Symantec PGP Desktop 10.x and Encryption Desktop 10.3.0 before MP1 allows local users to gain privileges via a crafted application.
The weakness was disclosed 12/25/2012 by Nikita Tarakanov as Symantec PGP Desktop 0day as confirmed posting (Pastebin). The advisory is available at pastebin.com. The vendor was not involved in the coordination of the public release. This vulnerability is traded as CVE-2012-4351 since 08/16/2012. The exploitability is told to be difficult. Local access is required to approach this attack. A authentication is needed for exploitation. Technical details and a private exploit are known.
It is declared as proof-of-concept. The vulnerability scanner Nessus provides a plugin with the ID 64853 (Symantec Encryption Desktop Local Access Elevation of Privilege Vulnerabilities), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Windows.
Upgrading to version 10.3.0 eliminates this vulnerability. Applying the patch Maintenance Pack is able to eliminate this problem. The problem might be mitigated by replacing the product with TrueCrypt or GnuPG as an alternative. The best possible mitigation is suggested to be patching the affected component. A possible mitigation has been published 2 months after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at X-Force (82062), Tenable (64853), SecurityFocus (BID 57170†), OSVDB (88920†) and Secunia (SA52219†). Further details are available at news.softpedia.com. The entry VDB-63589 is pretty similar. If you want to get best quality of vulnerability data, you may have to visit VulDB.
Product
Vendor
Name
Version
License
Website
- Vendor: https://www.symantec.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 3.6VulDB Meta Temp Score: 3.3
VulDB Base Score: 3.6
VulDB Temp Score: 3.3
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Numeric errorCWE: CWE-189
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: No
Availability: 🔍
Access: Private
Status: Proof-of-Concept
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 64853
Nessus Name: Symantec Encryption Desktop Local Access Elevation of Privilege Vulnerabilities
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: PatchStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Upgrade: PGP Whole Disk Encryption 10.3.0
Patch: Maintenance Pack
Alternative: TrueCrypt/GnuPG
Timeline
08/16/2012 🔍12/25/2012 🔍
01/06/2013 🔍
01/06/2013 🔍
01/07/2013 🔍
01/07/2013 🔍
01/07/2013 🔍
02/13/2013 🔍
02/18/2013 🔍
02/22/2013 🔍
02/26/2013 🔍
04/20/2021 🔍
Sources
Vendor: symantec.comAdvisory: Symantec PGP Desktop 0day
Researcher: Nikita Tarakanov
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2012-4351 (🔍)
GCVE (CVE): GCVE-0-2012-4351
GCVE (VulDB): GCVE-100-7242
IAVM: 🔍
X-Force: 82062
SecurityFocus: 57170 - Symantec Encryption Desktop CVE-2012-4351 Local Integer Overflow Vulnerability
Secunia: 52219 - Symantec Encryption Desktop Two Privilege Escalation Vulnerabilities, Less Critical
OSVDB: 88920
SecurityTracker: 1027940 - Symantec PGP Desktop Lets Local Users Gain Elevated Privileges
Vulnerability Center: 38547 - Symantec PGP Desktop and Encryption Desktop Integer Overflow Allows Local Privilege Escalation, High
scip Labs: https://www.scip.ch/en/?labs.20161013
Misc.: 🔍
See also: 🔍
Entry
Created: 01/06/2013 12:54Updated: 04/20/2021 14:51
Changes: 01/06/2013 12:54 (63), 04/25/2017 11:10 (33), 04/20/2021 14:51 (3)
Complete: 🔍
Cache ID: 216:CBB:103
If you want to get best quality of vulnerability data, you may have to visit VulDB.
No comments yet. Languages: en.
Please log in to comment.