PT-2020-8049 · Symantec · Norton Download Manager
Published
2020-01-14
·
Updated
2020-01-21
·
CVE-2016-6592
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Symantec Norton Download Manager versions prior to 5.6
Description:
A remote user can create a specially crafted DLL file to execute arbitrary code when the Norton Download Manager component is run. This is achieved by loading the remote user's DLL instead of the intended one.
Recommendations:
For versions prior to 5.6, update to version 5.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the DLL loading mechanism in the Norton Download Manager component until a patch is available.
Fix
Uncontrolled Search Path Element
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Norton Download Manager