CVE-2013-1609
First published: Tue Mar 26 2013(Updated: )
Multiple unquoted Windows search path vulnerabilities in the (1) File Collector and (2) File PlaceHolder services in Symantec Enterprise Vault (EV) for File System Archiving before 9.0.4 and 10.x before 10.0.1 allow local users to gain privileges via a Trojan horse program.
Credit: secure@symantec.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Symantec Enterprise Vault | <=9.0.3 | |
| Symantec Enterprise Vault | =10.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2013-1609?
CVE-2013-1609 has a medium severity rating as it allows local users to escalate privileges.
How do I fix CVE-2013-1609?
To fix CVE-2013-1609, upgrade to Symantec Enterprise Vault for File System Archiving version 9.0.4 or later, or version 10.0.1 or later.
Which versions of Symantec Enterprise Vault are affected by CVE-2013-1609?
CVE-2013-1609 affects Symantec Enterprise Vault for File System Archiving versions prior to 9.0.4 and 10.0.0.
What is the exploit method for CVE-2013-1609?
The exploit method for CVE-2013-1609 involves using Trojan horse programs to gain privileged access through unquoted search paths.
Can CVE-2013-1609 be exploited remotely?
No, CVE-2013-1609 can only be exploited locally by users with access to the vulnerable system.
- agent/references
- agent/event
- agent/author
- agent/severity
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/description
- vendor/symantec
- canonical/symantec enterprise vault
- version/symantec enterprise vault/9.0.3
- version/symantec enterprise vault/10.0.0