CVE-2015-1484

Published: Apr 22, 2015Modified: May 6, 2026

6.9

Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 3.4 / Impact: 10.0

Source: NVD

Description

Unquoted Windows search path vulnerability in the agent in Symantec Workspace Streaming (SWS) 6.1 before SP8 MP2 HF7 and 7.5 before SP1 HF4, when AppMgrService.exe is configured as a service, allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory, as demonstrated by program.exe.

Affected (2)

Products: Symantec: Workspace Streaming

1 product

Workspace Streaming

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Symantec Workspace Streaming	Version 6.1 sp8
Symantec Workspace Streaming	Version 7.5 sp1

References (6)

http://www.securityfocus.com/bid/73925

Source: secure@symantec.com

http://www.securitytracker.com/id/1032133

Source: secure@symantec.com

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150410_00

Source: secure@symantec.com

Vendor Advisory

http://www.securityfocus.com/bid/73925

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1032133

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150410_00

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.