CVE-2013-1609

HIGH

Symantec EV <9.0.4, <10.0.1 - Privilege Escalation

Title source: llm
STIX 2.1

Description

Multiple unquoted Windows search path vulnerabilities in the (1) File Collector and (2) File PlaceHolder services in Symantec Enterprise Vault (EV) for File System Archiving before 9.0.4 and 10.x before 10.0.1 allow local users to gain privileges via a Trojan horse program.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/58617

Scores

CVSS v3 7.8
EPSS 0.0041
EPSS Percentile 33.1%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-428
Status published
Products (2)
symantec/enterprise_vault_for_file_system_archiving 10.0.0
symantec/enterprise_vault_for_file_system_archiving < 9.0.3
Published Mar 26, 2013
Tracked Since Feb 18, 2026