CVE-2015-1484 Information

Description

Unquoted Windows search path vulnerability in the agent in Symantec Workspace Streaming (SWS) 6.1 before SP8 MP2 HF7 and 7.5 before SP1 HF4 when AppMgrService.exe is configured as a service allows local users to gain privileges via a Trojan horse executable file in the SYSTEMDRIVE directory as demonstrated by program.exe.

Reference

http://www.securityfocus.com/bid/73925 http://www.securitytracker.com/id/1032133 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150410_00