Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2012-6533

CWE-119 — Buffer Overflow4 documents4 sources

Severity

4.4MEDIUM

EPSS

0.1%

top 74.21%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Symantec Encryption Desktop Symantec PGP Desktop

Timeline

PublishedFeb 18

Latest updateMay 17

Description

Buffer overflow in pgpwded.sys in Symantec PGP Desktop 10.x and Encryption Desktop 10.3.0 before MP1 on Windows XP and Server 2003 allows local users to gain privileges via a crafted application.

CVSS vector

AV:L/AC:M/C:P/I:P/A:PExploitability: 3.4 | Impact: 6.4

Affected Packages2 packages

▶NVDsymantec/encryption_desktop10.3.0

▶NVDsymantec/pgp_desktop9 versions+8

🔴Vulnerability Details

GHSA

GHSA-r7gc-vqj2-3qmm: Buffer overflow in pgpwded↗2022-05-17

▶

CVEList

CVE-2012-6533: Buffer overflow in pgpwded↗2013-02-18

▶

💥Exploits & PoCs

Exploit-DB

Symantec Encryption Desktop 10 - Local Buffer Overflow / Local Privilege Escalation↗2012-02-25

▶