Remote Code Execution Vulnerability in Symantec Norton Download Manager
CVE-2016-6592

7.8HIGH

Key Information:

Vendor
Symantec
Status
Norton Download Manager
Vendor
CVE Published:
14 January 2020

Summary

A security flaw exists in the Norton Download Manager where a remote attacker can exploit the vulnerability by crafting a malicious DLL file. When this DLL is placed on the target system, it can be loaded instead of the legitimate DLL by the Norton Download Manager. This allows the attacker to execute arbitrary code on the target machine, potentially resulting in unauthorized access and system compromise.

Affected Version(s)

Norton Download Manager 2016

References

http://www.securityfocus.com/bid/94695
x_refsource_MISC
http://www.securityfocus.com/bid/95444
x_refsource_MISC
http://www.securitytracker.com/id/1037622
x_refsource_MISC

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.