CVE-2018-5235

CWE-4273 documents3 sources
Severity
6.0MEDIUM
EPSS
0.2%
top 63.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Symantec Norton UtilitiesSymantec Corporation Norton Utilities
Timeline
PublishedAug 22
Latest updateMay 13

Description

Norton Utilities (prior to 16.0.3.44) may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, it will generally follow a specific search path to locate the DLL. The vulnerability can be exploited by a simple file write (or potentially an over-write) which results in a foreign DLL running under the cont

CVSS vector

CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:HExploitability: 0.1 | Impact: 5.9

Affected Packages2 packages

NVDsymantec/norton_utilities< 16.0.3.44
CVEListV5symantec_corporation/norton_utilitiesPrior to 16.0.3.44

🔴Vulnerability Details

2
GHSA
GHSA-gmxh-7qg6-9xjm: Norton Utilities (prior to 162022-05-13
CVEList
CVE-2018-5235: Norton Utilities (prior to 162018-08-22
CVE-2018-5235 (MEDIUM CVSS 6) | Norton Utilities (prior to 16.0.3.4 | cvebase.io