CVE-2014-3431 | Vulnerability Database | Aqua Security

Symantec PGP Desktop 10.x, and Encryption Desktop Professional 10.3.x before 10.3.2 MP2, on OS X uses world-writable permissions for temporary files, which allows local users to bypass intended restrictions on file reading, modification, creation, and permission changes via unspecified vectors.

Affected Software

Name	Vendor	Start Version	End Version
Encryption_desktop	Symantec	10.3.0 (including)	10.3.0 (including)
Encryption_desktop	Symantec	10.3.1 (including)	10.3.1 (including)
Encryption_desktop	Symantec	10.3.2 (including)	10.3.2 (including)
Encryption_desktop	Symantec	10.3.2-mp1 (including)	10.3.2-mp1 (including)
Pgp_desktop	Symantec	10.0.0 (including)	10.0.0 (including)
Pgp_desktop	Symantec	10.0.1 (including)	10.0.1 (including)
Pgp_desktop	Symantec	10.0.2 (including)	10.0.2 (including)
Pgp_desktop	Symantec	10.0.3 (including)	10.0.3 (including)
Pgp_desktop	Symantec	10.1.0 (including)	10.1.0 (including)
Pgp_desktop	Symantec	10.1.1 (including)	10.1.1 (including)
Pgp_desktop	Symantec	10.1.2 (including)	10.1.2 (including)
Pgp_desktop	Symantec	10.2.0 (including)	10.2.0 (including)
Pgp_desktop	Symantec	10.2.1 (including)	10.2.1 (including)
Pgp_desktop	Symantec	10.2.2 (including)	10.2.2 (including)

References

http://secunia.com/advisories/59421
http://www.securityfocus.com/bid/68077
http://www.securitytracker.com/id/1030454
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20140620_00

NVD	https://nvd.nist.gov/vuln/detail/CVE-2014-3431
CWE	https://cwe.mitre.org/data/definitions/264.html