{"api_version":"1","generated_at":"2026-05-30T00:41:57+00:00","cve":"CVE-2013-1609","urls":{"html":"https://cve.report/CVE-2013-1609","api":"https://cve.report/api/cve/CVE-2013-1609.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2013-1609","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2013-1609"},"summary":{"title":"CVE-2013-1609","description":"Multiple unquoted Windows search path vulnerabilities in the (1) File Collector and (2) File PlaceHolder services in Symantec Enterprise Vault (EV) for File System Archiving before 9.0.4 and 10.x before 10.0.1 allow local users to gain privileges via a Trojan horse program.","state":"PUBLISHED","assigner":"symantec","published_at":"2013-03-26 14:07:27","updated_at":"2026-04-29 01:13:23"},"problem_types":["NVD-CWE-Other","n/a","CWE-428 CWE-428 Unquoted Search Path or Element"],"metrics":[{"version":"3.1","source":"ADP","type":"DECLARED","score":"7.8","severity":"HIGH","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","data":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}},{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"6.8","severity":"","vector":"AV:L/AC:L/Au:S/C:C/I:C/A:C","data":{"version":"2.0","vectorString":"AV:L/AC:L/Au:S/C:C/I:C/A:C","baseScore":6.8,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"}}],"references":[{"url":"http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130321_00","name":"http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130321_00","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Security Advisories Relating to Symantec Products - Symantec Enterprise Vault Local Elevation of Privilege - 2013-03-21T09:51:01 PDT\n\t| Symantec","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/58617","name":"http://www.securityfocus.com/bid/58617","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Symantec Enterprise Vault CVE-2013-1609 Local Privilege Escalation Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2013-1609","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1609","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2013","cve_id":"1609","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"symantec","cpe5":"enterprise_vault_for_file_system_archiving","cpe6":"10.0.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"1609","vulnerable":"1","versionEndIncluding":"9.0.3","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"symantec","cpe5":"enterprise_vault_for_file_system_archiving","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2013","cve_id":"1609","cve":"CVE-2013-1609","epss":"0.002730000","percentile":"0.508560000","score_date":"2026-05-28","updated_at":"2026-05-29 00:13:16"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-06T15:04:49.483Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130321_00"},{"name":"58617","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/58617"}],"title":"CVE Program Container"},{"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}},{"other":{"content":{"id":"CVE-2013-1609","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2026-05-22T10:46:43.100737Z","version":"2.0.3"},"type":"ssvc"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-428","description":"CWE-428 Unquoted Search Path or Element","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-05-22T10:46:48.746Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"descriptions":[{"lang":"en","value":"Multiple unquoted Windows search path vulnerabilities in the (1) File Collector and (2) File PlaceHolder services in Symantec Enterprise Vault (EV) for File System Archiving before 9.0.4 and 10.x before 10.0.1 allow local users to gain privileges via a Trojan horse program."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2013-03-26T14:00:00.000Z","orgId":"80d3bcb6-88de-48c2-a47e-aebf795f19b5","shortName":"symantec"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130321_00"},{"name":"58617","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/58617"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"secure@symantec.com","ID":"CVE-2013-1609","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Multiple unquoted Windows search path vulnerabilities in the (1) File Collector and (2) File PlaceHolder services in Symantec Enterprise Vault (EV) for File System Archiving before 9.0.4 and 10.x before 10.0.1 allow local users to gain privileges via a Trojan horse program."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130321_00","refsource":"CONFIRM","url":"http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130321_00"},{"name":"58617","refsource":"BID","url":"http://www.securityfocus.com/bid/58617"}]}}}},"cveMetadata":{"assignerOrgId":"80d3bcb6-88de-48c2-a47e-aebf795f19b5","assignerShortName":"symantec","cveId":"CVE-2013-1609","datePublished":"2013-03-26T14:00:00.000Z","dateReserved":"2013-02-04T00:00:00.000Z","dateUpdated":"2026-05-22T10:46:48.746Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2013-03-26 14:07:27","lastModifiedDate":"2026-04-29 01:13:23","problem_types":["NVD-CWE-Other","n/a","CWE-428 CWE-428 Unquoted Search Path or Element"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:S/C:C/I:C/A:C","baseScore":6.8,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"MEDIUM","exploitabilityScore":3.1,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:symantec:enterprise_vault_for_file_system_archiving:*:*:*:*:*:*:*:*","versionEndIncluding":"9.0.3","matchCriteriaId":"36C5BBCC-B0C1-4B90-B2DE-5457419CA88A"},{"vulnerable":true,"criteria":"cpe:2.3:a:symantec:enterprise_vault_for_file_system_archiving:10.0.0:*:*:*:*:*:*:*","matchCriteriaId":"E7A76C69-5D78-4287-8E88-D633513CE047"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2013","CveId":"1609","Ordinal":"1","Title":"CVE-2013-1609","CVE":"CVE-2013-1609","Year":"2013"},"notes":[{"CveYear":"2013","CveId":"1609","Ordinal":"1","NoteData":"Multiple unquoted Windows search path vulnerabilities in the (1) File Collector and (2) File PlaceHolder services in Symantec Enterprise Vault (EV) for File System Archiving before 9.0.4 and 10.x before 10.0.1 allow local users to gain privileges via a Trojan horse program.","Type":"Description","Title":"CVE-2013-1609"},{"CveYear":"2013","CveId":"1609","Ordinal":"2","NoteData":"2013-03-26","Type":"Other","Title":"Published"}]}}}