CVE-2018-18369

HIGH

Norton Security < 22.16.3 and Symantec Endpoint Protection Cloud < 22.16.3 - DLL Preloading

Title source: llm
STIX 2.1

Description

Norton Security (Windows client) prior to 22.16.3 and SEP SBE (Windows client) prior to Cloud Agent 3.00.31.2817, NIS-22.15.2.22 & SEP-12.1.7484.7002, may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead.

References (2)

Core 2
Core References
Vendor Advisory x_refsource_confirm
https://support.symantec.com/en_US/article.SYMSA1479.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/107997

Scores

CVSS v3 7.8
EPSS 0.0084
EPSS Percentile 74.9%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-426
Status published
Products (5)
symantec/endpoint_protection nis-22.15.2.22
symantec/endpoint_protection sep-12.1.7484.7002
symantec/endpoint_protection_cloud < 22.16.3
symantec/endpoint_protection_cloud_agent < 3.00.31.2817
symantec/norton_security < 22.16.3
Published Apr 25, 2019
Tracked Since Feb 18, 2026