CVE-2015-1484

2015-04-2210:59:00

symantec

web.nvd.nist.gov

cve-2015-1484

symantec

workspace streaming

sws

unquoted search path

windows vulnerability

local privilege escalation

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

AI Score

8.8

Confidence

High

EPSS

Percentile

9.5%

JSON

Unquoted Windows search path vulnerability in the agent in Symantec Workspace Streaming (SWS) 6.1 before SP8 MP2 HF7 and 7.5 before SP1 HF4, when AppMgrService.exe is configured as a service, allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory, as demonstrated by program.exe.

Affected configurations

Nvd

Node

symantecworkspace_streamingMatch6.1sp8

symantecworkspace_streamingMatch7.5sp1

VendorProductVersionCPE
symantecworkspace_streaming6.1cpe:2.3:a:symantec:workspace_streaming:6.1:sp8:*:*:*:*:*:*
symantecworkspace_streaming7.5cpe:2.3:a:symantec:workspace_streaming:7.5:sp1:*:*:*:*:*:*

Vendor	Product	Version	CPE
symantec	workspace_streaming	6.1	cpe:2.3:a:symantec:workspace_streaming:6.1:sp8::::::
symantec	workspace_streaming	7.5	cpe:2.3:a:symantec:workspace_streaming:7.5:sp1::::::