← Back

CVE-2018-18369

nvd nist
Published: Apr 25, 2019Modified: Nov 21, 2024

JSON object

Loading...
7.8
Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

Norton Security (Windows client) prior to 22.16.3 and SEP SBE (Windows client) prior to Cloud Agent 3.00.31.2817, NIS-22.15.2.22 & SEP-12.1.7484.7002, may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead.

Affected (5)

Symantec
4 products
Endpoint Protection
Endpoint Protection Cloud
Endpoint Protection Cloud Agent
Norton Security
Configuration A
5 vulnerable
Vulnerable SoftwareAffected Versions
Symantec
Endpoint Protection
Version nis-22.15.2.22
Endpoint Protection
Version sep-12.1.7484.7002
Endpoint Protection Cloud
Before 22.16.3
Endpoint Protection Cloud Agent
Before 3.00.31.2817
Norton Security
Before 22.16.3

Related CWEs

CWE-426
Untrusted Search Path
The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

References (4)

Source: secure@symantec.com
Third Party AdvisoryVDB Entry
Source: secure@symantec.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.