Unquoted Windows Search Path Vulnerability in Symantec Workspace Streaming
CVE-2015-1484

Currently unrated

Key Information:

Vendor: Symantec
Status: Workspace Streaming
Vendor: CVE Published:; 22 April 2015

Summary

An unquoted Windows search path vulnerability exists in the Symantec Workspace Streaming agent, affecting versions prior to specific service packs. When AppMgrService.exe runs as a service, local users may exploit this weakness by placing a malicious executable in the %SYSTEMDRIVE% directory. This could enable unauthorized privilege escalation through the execution of a Trojan horse file, impacting system security and integrity.

References

http://www.securitytracker.com/id/1032133

vdb-entryx_refsource_SECTRACK

http://www.symantec.com/security_response/securityupdates...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/73925

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Apr 22, 2015
Vulnerability Reserved
Feb 5, 2015