Symantec PGP Desktop Buffer Overflows Let Local Users Gain Elevated Privileges
Symantec PGP Desktop 10.2.x,10.1.x,10.0.x
Symantec Encryption Desktop 10.3.0
Two vulnerabilities were reported in Symantec PGP Desktop.
A local user can trigger an integer overflow in 'pgpwded.sys' to execute arbitrary code on the target system [CVE-2012-4351].
On Windows XP and Windows Sever 2003, a local user can trigger a buffer overflow [CVE-2012-4352].
A local user can obtain elevated privileges on the target system.
The vendor has issued a fix (10.3.0 maintenance pack 1).
Symantec Desktop Encryption maintenance update may be obtained through normal Symantec support locations.