CVE-2014-3431

Severity CVSS v4.0:
Pending analysis
Type:
CWE-264 Permissions, Privileges, and Access Control
Publication date:
21/06/2014
Last modified:
12/04/2025

Description

Symantec PGP Desktop 10.x, and Encryption Desktop Professional 10.3.x before 10.3.2 MP2, on OS X uses world-writable permissions for temporary files, which allows local users to bypass intended restrictions on file reading, modification, creation, and permission changes via unspecified vectors.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:symantec:encryption_desktop:10.3.0:*:*:*:professional:*:*:*
cpe:2.3:a:symantec:encryption_desktop:10.3.1:*:*:*:professional:*:*:*
cpe:2.3:a:symantec:encryption_desktop:10.3.2:-:*:*:professional:*:*:*
cpe:2.3:a:symantec:encryption_desktop:10.3.2:mp1:*:*:professional:*:*:*
cpe:2.3:a:symantec:pgp_desktop:10.0.0:*:*:*:*:*:*:*
cpe:2.3:a:symantec:pgp_desktop:10.0.1:*:*:*:*:*:*:*
cpe:2.3:a:symantec:pgp_desktop:10.0.2:*:*:*:*:*:*:*
cpe:2.3:a:symantec:pgp_desktop:10.0.3:*:*:*:*:*:*:*
cpe:2.3:a:symantec:pgp_desktop:10.1.0:*:*:*:*:*:*:*
cpe:2.3:a:symantec:pgp_desktop:10.1.1:*:*:*:*:*:*:*
cpe:2.3:a:symantec:pgp_desktop:10.1.2:*:*:*:*:*:*:*
cpe:2.3:a:symantec:pgp_desktop:10.2.0:*:*:*:*:*:*:*
cpe:2.3:a:symantec:pgp_desktop:10.2.1:*:*:*:*:*:*:*
cpe:2.3:a:symantec:pgp_desktop:10.2.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*