CVE-2018-18367
HIGHSymantec Endpoint Protection Manager <= 12.1 RU6 MP9 and < 14.2 RU1 - DLL Preloading
Title source: llmDescription
Symantec Endpoint Protection Manager (SEPM) prior to and including 12.1 RU6 MP9 and prior to 14.2 RU1 may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://support.symantec.com/en_US/article.SYMSA1479.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/107996
Scores
CVSS v3
7.8
EPSS
0.0040
EPSS Percentile
60.6%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-426
Status
published
Products (5)
symantec/endpoint_protection_manager
12.1 rtm (23 CPE variants)
symantec/endpoint_protection_manager
14 (3 CPE variants)
symantec/endpoint_protection_manager
14.0.1 (3 CPE variants)
symantec/endpoint_protection_manager
14.1
symantec/endpoint_protection_manager
14.2 (2 CPE variants)
Published
Apr 25, 2019
Tracked Since
Feb 18, 2026