DLL Hijacking Vulnerability in Veritas System Recovery by Veritas
CVE-2017-7444

7.8HIGH

Key Information:

Vendor: Veritas
Status: System Recovery
Vendor: CVE Published:; 5 April 2017

Summary

A vulnerability exists in Veritas System Recovery prior to version 16 SP1, allowing potential attackers to exploit DLL hijacking. If an attacker possesses write access to the directory from which the product is executed, they may execute malicious code by placing a DLL file in the installation path. This security flaw highlights the importance of controlling write access to sensitive directories to prevent unauthorized execution of potentially harmful code.

References

http://www.securityfocus.com/bid/97483

vdb-entryx_refsource_BID

https://www.veritas.com/content/support/en_US/security/VT...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 5, 2017
Vulnerability Reserved
Apr 5, 2017