PT-2015-5320 · Microsoft+1 · Windows+1

Published

2015-04-22

Updated

2017-01-03

CVE-2015-1484

CVSS v2.0

6.9

Medium

Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Symantec Workspace Streaming versions 6.1 before SP8 MP2 HF7 Symantec Workspace Streaming versions 7.5 before SP1 HF4

Description The issue allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory. This can be demonstrated by placing a malicious program.exe in the specified directory. The vulnerability is related to an unquoted Windows search path in the agent when AppMgrService.exe is configured as a service.

Recommendations For Symantec Workspace Streaming version 6.1, update to at least SP8 MP2 HF7 to resolve the issue. For Symantec Workspace Streaming version 7.5, update to at least SP1 HF4 to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2015-1484

Affected Products

Symantec Workspace Streaming

Windows

PT-2015-5320 · Microsoft+1 · Windows+1

CVE-2015-1484

Related Identifiers

Affected Products

References · 4