CVE-2014-3431

Symantec PGP Desktop 10.x, and Encryption Desktop Professional 10.3.x before 10.3.2 MP2, on OS X uses world-writable permissions for temporary files, which allows local users to bypass intended restrictions on file reading, modification, creation, and permission changes via unspecified vectors.

Published: Jun 21, 2014
Updated: Apr 13, 2023
CVE: CVE-2014-3431
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:L/AC:L/Au:S/C:P/I:P/A:P

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
symantec / encryption_desktop	10.3.0	10.3.0.x
symantec / encryption_desktop	10.3.1	10.3.1.x
symantec / encryption_desktop	10.3.2-mp1	10.3.2-mp1.x
symantec / encryption_desktop	10.3.2	10.3.2.x
symantec / pgp_desktop	10.0.0	10.0.0.x
symantec / pgp_desktop	10.0.1	10.0.1.x
symantec / pgp_desktop	10.0.2	10.0.2.x
symantec / pgp_desktop	10.0.3	10.0.3.x
symantec / pgp_desktop	10.1.0	10.1.0.x
symantec / pgp_desktop	10.1.1	10.1.1.x
symantec / pgp_desktop	10.1.2	10.1.2.x
symantec / pgp_desktop	10.2.0	10.2.0.x
symantec / pgp_desktop	10.2.1	10.2.1.x
symantec / pgp_desktop	10.2.2	10.2.2.x

Vulnerability Database

290,206

CVE-2014-3431