Description Preview
The vulnerability identified as CVE-2013-1610 exists in Symantec PGP Desktop versions 10.0.x through 10.2.x and Symantec Encryption Desktop version 10.3.0 before MP3. It allows local users to escalate privileges by placing a malicious application in the top-level directory of the %SYSTEMDRIVE%.
Overview
This vulnerability in Symantec encryption software allows local users to gain elevated privileges on the system by exploiting an unquoted Windows search path vulnerability in the RDDService component. By placing a Trojan horse application in the %SYSTEMDRIVE% top-level directory, an attacker can manipulate the search path to execute the malicious code with elevated privileges.
Remediation
To mitigate this vulnerability, Symantec recommends updating to the latest version of Symantec PGP Desktop or Symantec Encryption Desktop. Additionally, users should ensure that all software installations are quoted properly to prevent unauthorized applications from being executed with elevated privileges.
References
- SecurityFocus BID: 61489
- Symantec Security Advisory: Symantec Advisory
Industry ExposureMost to leastThis section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.
- Public AdministrationPublic Administration
- Finance and InsuranceFinance and Insurance
- Arts, Entertainment & RecreationArts, Entertainment & Recreation
- Educational ServicesEducational Services
- Management of Companies & EnterprisesManagement of Companies & Enterprises
- ManufacturingManufacturing
- Accommodation & Food ServicesAccommodation & Food Services
- Administrative, Support, Waste Management & Remediation ServicesAdministrative, Support, Waste Management & Remediation Services
- Agriculture, Forestry Fishing & HuntingAgriculture, Forestry Fishing & Hunting
- ConstructionConstruction
- Health Care & Social AssistanceHealth Care & Social Assistance
- InformationInformation
- MiningMining
- Other Services (except Public Administration)Other Services (except Public Administration)
- Professional, Scientific, & Technical ServicesProfessional, Scientific, & Technical Services
- Real Estate Rental & LeasingReal Estate Rental & Leasing
- Retail TradeRetail Trade
- Transportation & WarehousingTransportation & Warehousing
- UtilitiesUtilities
- Wholesale TradeWholesale Trade
