CVE-2014-3431

EUVD-2014-3443
Symantec PGP Desktop 10.x, and Encryption Desktop Professional 10.3.x before 10.3.2 MP2, on OS X uses world-writable permissions for temporary files, which allows local users to bypass intended restrictions on file reading, modification, creation, and permission changes via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:S/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 10%
Affected Products (NVD)
VendorProductVersion
symantecencryption_desktop
10.3.0
symantecencryption_desktop
10.3.1
symantecencryption_desktop
10.3.2
symantecencryption_desktop
10.3.2:mp1
symantecpgp_desktop
10.0.0
symantecpgp_desktop
10.0.1
symantecpgp_desktop
10.0.2
symantecpgp_desktop
10.0.3
symantecpgp_desktop
10.1.0
symantecpgp_desktop
10.1.1
symantecpgp_desktop
10.1.2
symantecpgp_desktop
10.2.0
symantecpgp_desktop
10.2.1
symantecpgp_desktop
10.2.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/59421
http://www.securityfocus.com/bid/68077
http://www.securitytracker.com/id/1030454
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140620_00
http://secunia.com/advisories/59421
http://www.securityfocus.com/bid/68077
http://www.securitytracker.com/id/1030454
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140620_00