CVE-2018-12245

CWE-4263 documents3 sources

Severity

7.8HIGH

EPSS

0.2%

top 53.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Symantec Endpoint Protection Symantec Corporation Symantec Endpoint Protection (sep)

Timeline

PublishedNov 29

Latest updateMay 14

Description

Symantec Endpoint Protection prior to 14.2 MP1 may be susceptible to a DLL Preloading vulnerability, which in this case is an issue that can occur when an application being installed unintentionally loads a DLL provided by a potential attacker. Note that this particular type of exploit only manifests at install time; no remediation is required for software that has already been installed. This issue only impacted the Trialware media for Symantec Endpoint Protection, which has since been updated.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDsymantec/endpoint_protection11.0 — 14.2.0.1

▶CVEListV5symantec_corporation/symantec_endpoint_protection_(sep)Prior to 14.2 MP1

🔴Vulnerability Details

GHSA

GHSA-p2w7-fq3g-9jx5: Symantec Endpoint Protection prior to 14↗2022-05-14

▶

CVEList

CVE-2018-12245: Symantec Endpoint Protection prior to 14↗2018-11-29

▶