CVE-2018-6766

Name of the Vulnerable Software and Affected Versions Swisscom TVMediaHelper version 1.1.0.50

Description The issue exists due to the way .dll files are loaded by the SwisscomTVMediaHelper.exe process, specifically with the handling of several DLLs such as dwmapi.dll, PROPSYS.dll, cscapi.dll, SAMLIB.dll, netbios.dll, winhttp.dll, security.dll, ntmarta.dll, WindowsCodecs.dll, and apphelp.dll. This could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system by loading a .dll of their choice, potentially executing arbitrary code without the user's knowledge.

Recommendations For Swisscom TVMediaHelper version 1.1.0.50, consider restricting the loading of external .dll files by the SwisscomTVMediaHelper.exe process as a temporary mitigation measure. Additionally, monitor the system for any suspicious activity related to the handling of the mentioned DLLs. At the moment, there is no information about a newer version that contains a fix for this vulnerability.