CVE-2012-6533 - OpenCVE

Buffer overflow in pgpwded.sys in Symantec PGP Desktop 10.x and Encryption Desktop 10.3.0 before MP1 on Windows XP and Server 2003 allows local users to gain privileges via a crafted application.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Windows 2003 Server Windows Xp
Symantec	Encryption Desktop Pgp Desktop

Configuration 1 [-]

AND

OR	cpe:2.3:a:symantec:pgp_desktop:10.0.0:-::::windows::*
	cpe:2.3:a:symantec:pgp_desktop:10.0.1:-::::windows::*
	cpe:2.3:a:symantec:pgp_desktop:10.0.2:-::::windows::*
	cpe:2.3:a:symantec:pgp_desktop:10.0.3:-::::windows::*
	cpe:2.3:a:symantec:pgp_desktop:10.1.0:-::::windows::*
	cpe:2.3:a:symantec:pgp_desktop:10.1.1:-::::windows::*
	cpe:2.3:a:symantec:pgp_desktop:10.1.2:-::::windows::*
	cpe:2.3:a:symantec:pgp_desktop:10.2.0:-::::windows::*
	cpe:2.3:a:symantec:pgp_desktop:10.2.1:-::::windows::*

OR	cpe:2.3:o:microsoft:windows_2003_server::::::::
	cpe:2.3:o:microsoft:windows_xp::::::::

Configuration 2 [-]

cpe:2.3:a:symantec:encryption_desktop:10.3.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/57835
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2013&suid=20130213_00

History

No history.

MITRE

Status: PUBLISHED

Assigner: symantec

Published: 2013-02-18T11:00:00Z

Updated: 2024-09-17T03:22:24.849Z

Reserved: 2013-02-17T00:00:00Z

Link: CVE-2012-6533

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2013-02-18T11:56:38.807

Modified: 2013-02-20T05:00:00.000

Link: CVE-2012-6533

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Buffer overflow in pgpwded.sys in Symantec PGP Desktop 10.x and Encryption Desktop 10.3.0 before MP1 on Windows XP and Server 2003 allows local users to gain privileges via a crafted application."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2013-02-18T11:00:00Z", "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5", "shortName": "symantec"}, "references": [{"name": "57835", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/57835"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2013&suid=20130213_00"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@symantec.com", "ID": "CVE-2012-6533", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Buffer overflow in pgpwded.sys in Symantec PGP Desktop 10.x and Encryption Desktop 10.3.0 before MP1 on Windows XP and Server 2003 allows local users to gain privileges via a crafted application."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "57835", "refsource": "BID", "url": "http://www.securityfocus.com/bid/57835"}, {"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2013&suid=20130213_00", "refsource": "CONFIRM", "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2013&suid=20130213_00"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T21:28:39.920Z"}, "title": "CVE Program Container", "references": [{"name": "57835", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/57835"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2013&suid=20130213_00"}]}]}, "cveMetadata": {"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5", "assignerShortName": "symantec", "cveId": "CVE-2012-6533", "datePublished": "2013-02-18T11:00:00Z", "dateReserved": "2013-02-17T00:00:00Z", "dateUpdated": "2024-09-17T03:22:24.849Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.0.0:-:*:*:*:windows:*:*", "matchCriteriaId": "8ECF6686-DE99-4E36-8755-F9428167F709", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.0.1:-:*:*:*:windows:*:*", "matchCriteriaId": "CCD53E72-7D94-437F-AE83-C077FAD671A9", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.0.2:-:*:*:*:windows:*:*", "matchCriteriaId": "A0604C91-EC64-490B-9C94-00C1757DADE6", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.0.3:-:*:*:*:windows:*:*", "matchCriteriaId": "1D633009-6006-4C62-8E23-F1380C66FA17", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.1.0:-:*:*:*:windows:*:*", "matchCriteriaId": "1F8F75CC-8725-44F1-9833-1279AE2FF49D", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.1.1:-:*:*:*:windows:*:*", "matchCriteriaId": "6FA86438-9097-463D-8EA5-6E49A46215F7", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.1.2:-:*:*:*:windows:*:*", "matchCriteriaId": "DBC102F4-B58F-43A7-BE48-849FA764ED32", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.2.0:-:*:*:*:windows:*:*", "matchCriteriaId": "C13CC0B6-F19B-4CBB-ACE8-4105D672C8AE", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.2.1:-:*:*:*:windows:*:*", "matchCriteriaId": "AA77179C-D1D1-4FCF-B1BF-2EA481966972", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "60EC86B8-5C8C-4873-B364-FB1F8EFE1CFF", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*", "matchCriteriaId": "E61F1C9B-44AF-4B35-A7B2-948EEF7639BD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:symantec:encryption_desktop:10.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "838DEBE6-2A04-4737-8282-5E7803B483A7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Buffer overflow in pgpwded.sys in Symantec PGP Desktop 10.x and Encryption Desktop 10.3.0 before MP1 on Windows XP and Server 2003 allows local users to gain privileges via a crafted application."}, {"lang": "es", "value": "Desbordamiento de buffer en pgpwded.sys del Symantec PGP Desktop v10.x and Encryption Desktop v10.3.0 antes de MP1 en Windows XP y Server 2003 que permite a usuarios locales escalar privilegios por medio de aplicaciones creadas para este prop\u00f3sito."}], "id": "CVE-2012-6533", "lastModified": "2013-02-20T05:00:00.000", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-02-18T11:56:38.807", "references": [{"source": "secure@symantec.com", "url": "http://www.securityfocus.com/bid/57835"}, {"source": "secure@symantec.com", "tags": ["Vendor Advisory"], "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2013&suid=20130213_00"}], "sourceIdentifier": "secure@symantec.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}