PT-2017-17002 · Symantec · Symantec Vip Access Desktop

Published: 2017-08-21 · Updated: 2019-10-03 · CVE-2017-6329

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Symantec VIP Access for Desktop versions prior to 2.2.4

Description

The issue is a DLL pre-loading vulnerability: when the application loads a DLL for execution, an attacker can supply a malicious DLL that is used instead. Exploitation manifests as a simple file write (or potentially an overwrite), which results in a foreign executable running in the context of the application.

Recommendations

Update Symantec VIP Access for Desktop to version 2.2.4 or later to resolve the issue. As a temporary workaround, consider restricting the application's ability to load external DLLs to minimize the risk of exploitation.

Fix

Uncontrolled Search Path Element

Weakness Enumeration

Related Identifiers

CVE-2017-6329

Affected Products

Symantec Vip Access Desktop