CVE-2018-5238: Uncontrolled Search Path Element in Norton Power Eraser

Severity
7.8 HIGH (NVD)
EPSS
0.5%
top 34.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Aug 22
Latest update: May 14

Description

Norton Power Eraser (prior to 5.3.0.24) and SymDiag (prior to 2.1.242) may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, it will generally follow a specific search path to locate the DLL. The vulnerability can be exploited by a simple file write (or potentially an over-write) which results in a f

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (4 packages)

CVEListV5 | symantec_corporation/norton_power_eraser | Prior to 5.3.0.24
NVD | symantec/symdiag | < 2.1.242
CVEListV5 | symantec_corporation/symdiag | Prior to 2.1.242

Vulnerability Details (2)
GHSA | GHSA-cf5f-pw2j-32gg: Norton Power Eraser (prior to 5 | 2022-05-14
CVEList | CVE-2018-5238: Norton Power Eraser (prior to 5 | 2018-08-22