PT-2019-9583 · Symantec · Symantec Endpoint Protection Manager+1

Published

2019-04-25

Updated

2019-05-03

CVE-2018-18367

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Symantec Endpoint Protection Manager versions prior to and including 12.1 RU6 MP9 Symantec Endpoint Protection Manager versions prior to 14.2 RU1

Description The issue is related to a DLL Preloading vulnerability. This type of vulnerability occurs when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead.

Recommendations For versions prior to and including 12.1 RU6 MP9, update to a version later than 12.1 RU6 MP9. For versions prior to 14.2 RU1, update to version 14.2 RU1 or later.

Fix

Untrusted Search Path

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-426

Related Identifiers

CVE-2018-18367

Affected Products

Symantec Endpoint Protection Manager

Symantec Endpoint Protection Server

PT-2019-9583 · Symantec · Symantec Endpoint Protection Manager+1

CVE-2018-18367

Weakness Enumeration

Related Identifiers

Affected Products

References · 4