PT-2018-11073 · Symantec · Symantec Endpoint Protection

Published

2018-11-29

Updated

2018-12-28

CVE-2018-12245

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Symantec Endpoint Protection versions prior to 14.2 MP1

Description The issue is related to a DLL Preloading vulnerability, which occurs when an application unintentionally loads a DLL provided by a potential attacker during installation. This exploit only manifests at install time and does not affect already installed software. The problem was specific to the Trialware media for Symantec Endpoint Protection.

Recommendations For Symantec Endpoint Protection versions prior to 14.2 MP1, update to version 14.2 MP1 or later to resolve the issue.

Fix

Untrusted Search Path

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-426

Related Identifiers

CVE-2018-12245

Affected Products

Symantec Endpoint Protection

PT-2018-11073 · Symantec · Symantec Endpoint Protection

CVE-2018-12245

Weakness Enumeration

Related Identifiers

Affected Products

References · 4