PT-2017-17002 · Symantec · Symantec Vip Access Desktop
Published 2017-08-21 · Updated 2019-10-03 · CVE-2017-6329
CVSS v3.1: 7.8 (High)
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Symantec VIP Access for Desktop versions prior to 2.2.4
Description
The issue is a DLL pre-loading vulnerability: the application looks for a DLL to load and execute, and an attacker supplies a malicious DLL that is loaded instead. Exploitation amounts to a simple file write (or potentially an overwrite), which results in a foreign executable running in the context of the application.
Recommendations
For Symantec VIP Access for Desktop versions prior to 2.2.4, update to version 2.2.4 or later to resolve the issue. As a temporary workaround, consider restricting the application's ability to load external DLLs to minimize the risk of exploitation.
Fix
Uncontrolled Search Path Element
Weakness Enumeration
Related identifiers
Affected products
Symantec Vip Access Desktop