Unquoted Windows search path vulnerability in the agent in Symantec Workspace Streaming (SWS) 6.1 before SP8 MP2 HF7 and 7.5 before SP1 HF4, when AppMgrService.exe is configured as a service, allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory, as demonstrated by program.exe.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Workspace_streaming | Symantec | 6.1-sp8 (including) | 6.1-sp8 (including) |
| Workspace_streaming | Symantec | 7.5-sp1 (including) | 7.5-sp1 (including) |
References
- http://www.securityfocus.com/bid/73925
- http://www.securitytracker.com/id/1032133
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150410_00
- http://www.securityfocus.com/bid/73925
- http://www.securitytracker.com/id/1032133
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150410_00