Description
A vulnerability was found in Symantec Norton Download Manager versions prior to 5.6. A remote user can create a specially crafted DLL file that, when placed on the target user's system, will cause the Norton Download Manager component to load the remote user's DLL instead of the intended DLL and execute arbitrary code when the Norton Download Manager component is run by the target user.
References (6)
Core 6
Core References
Third Party Advisory, VDB Entry x_refsource_misc
http://www.securityfocus.com/bid/94695
Third Party Advisory, VDB Entry x_refsource_misc
http://www.securityfocus.com/bid/95444
Third Party Advisory, VDB Entry x_refsource_misc
http://www.securitytracker.com/id/1037622
Third Party Advisory, VDB Entry x_refsource_misc
http://www.securitytracker.com/id/1037623
Third Party Advisory, VDB Entry x_refsource_misc
http://www.securitytracker.com/id/1037624
Vendor Advisory x_refsource_confirm
https://support.symantec.com/us/en/article.SYMSA1394.html
Scores
CVSS v3
7.8
EPSS
0.0061
EPSS Percentile
70.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-427
Status
published
Products (1)
symantec/norton_download_manager
< 5.6
Published
Jan 14, 2020
Tracked Since
Feb 18, 2026