CVE-2015-1484

Name of the Vulnerable Software and Affected Versions Symantec Workspace Streaming versions 6.1 before SP8 MP2 HF7 Symantec Workspace Streaming versions 7.5 before SP1 HF4

Description The issue allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory. This can be demonstrated by placing a malicious program.exe in the specified directory. The vulnerability is related to an unquoted Windows search path in the agent when AppMgrService.exe is configured as a service.

Recommendations For Symantec Workspace Streaming version 6.1, update to at least SP8 MP2 HF7 to resolve the issue. For Symantec Workspace Streaming version 7.5, update to at least SP1 HF4 to resolve the issue.