CVE-2013-1609

EUVD-2013-1644
Multiple unquoted Windows search path vulnerabilities in the (1) File Collector and (2) File PlaceHolder services in Symantec Enterprise Vault (EV) for File System Archiving before 9.0.4 and 10.x before 10.0.1 allow local users to gain privileges via a Trojan horse program.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:S/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 48%
Affected Products (NVD)
VendorProductVersion
symantecenterprise_vault_for_file_system_archiving
𝑥
≤ 9.0.3
symantecenterprise_vault_for_file_system_archiving
10.0.0
𝑥
= Vulnerable software versions
References
http://www.securityfocus.com/bid/58617
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130321_00
http://www.securityfocus.com/bid/58617
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130321_00