CVE-2014-3431

Symantec PGP Desktop 10.x, and Encryption Desktop Professional 10.3.x before 10.3.2 MP2, on OS X uses world-writable permissions for temporary files, which allows local users to bypass intended restrictions on file reading, modification, creation, and permission changes via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:S/C:P/I:P/A:P
symantecCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 10%
VendorProductVersion
symantecencryption_desktop
10.3.0
symantecencryption_desktop
10.3.1
symantecencryption_desktop
10.3.2
symantecencryption_desktop
10.3.2:mp1
symantecpgp_desktop
10.0.0
symantecpgp_desktop
10.0.1
symantecpgp_desktop
10.0.2
symantecpgp_desktop
10.0.3
symantecpgp_desktop
10.1.0
symantecpgp_desktop
10.1.1
symantecpgp_desktop
10.1.2
symantecpgp_desktop
10.2.0
symantecpgp_desktop
10.2.1
symantecpgp_desktop
10.2.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/59421
http://www.securityfocus.com/bid/68077
http://www.securitytracker.com/id/1030454
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140620_00
http://secunia.com/advisories/59421
http://www.securityfocus.com/bid/68077
http://www.securitytracker.com/id/1030454
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140620_00