PT-2018-11073 · Symantec · Symantec Endpoint Protection

Publicado

2018-11-29

Atualizado

2018-12-28

CVE-2018-12245

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Symantec Endpoint Protection versions prior to 14.2 MP1

Description The issue is related to a DLL Preloading vulnerability, which occurs when an application unintentionally loads a DLL provided by a potential attacker during installation. This exploit only manifests at install time and does not affect already installed software. The problem was specific to the Trialware media for Symantec Endpoint Protection.

Recommendations For Symantec Endpoint Protection versions prior to 14.2 MP1, update to version 14.2 MP1 or later to resolve the issue.

Correção

Untrusted Search Path

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-426

Identificadores relacionados

CVE-2018-12245

Produtos afetados

Symantec Endpoint Protection

PT-2018-11073 · Symantec · Symantec Endpoint Protection

CVE-2018-12245

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4