Code Execution Vulnerability in Symantec VIP Access Desktop
CVE-2016-6593

7.8HIGH

Key Information:

Vendor
Symantec
Status
Vip Access Desktop
Vendor
CVE Published:
8 January 2020

Summary

A vulnerability in Symantec VIP Access Desktop allows local malicious users to execute arbitrary code during startup due to flaws in the jhi.dll and otpiha.dll components. Users running versions earlier than 2.2.2 are particularly at risk, as this issue can be exploited if an attacker gains local access to the system. Proper precautions should be taken to ensure the application is updated to mitigate any potential risks.

Affected Version(s)

VIP Access Desktop before 2.2.2

References

http://packetstormsecurity.com/files/140098/Symantec-VIP-...
x_refsource_MISC
http://www.securityfocus.com/bid/94731
x_refsource_MISC
http://www.securityfocus.com/archive/1/539889/100/0/threaded
x_refsource_MISC

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.