DLL Preloading Vulnerability in Symantec Endpoint Protection Software
CVE-2018-12245

7.8HIGH

Key Information:

Vendor: Symantec Corporation
Status: Symantec Endpoint Protection (sep)
Vendor: CVE Published:; 29 November 2018

🔔 Create Symantec Corporation Vulnerability Alert

What is CVE-2018-12245?

A vulnerability exists in Symantec Endpoint Protection software where a DLL Preloading flaw may allow an attacker to leverage the application installation process to load a malicious DLL. This occurs when the installation of the software inadvertently incorporates a DLL that has been provided by an attacker. It is important to note that this issue only affects installations through the Trialware media and does not pose a risk to systems where the software has already been deployed. Symantec has updated its software to address this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Symantec Endpoint Protection (SEP) Prior to 14.2 MP1

References

http://www.securityfocus.com/bid/105919

vdb-entryx_refsource_BID

https://support.symantec.com/content/unifiedweb/en_US/art...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 29, 2018
Vulnerability Reserved
Jun 12, 2018

JSON

Symantec Corporation

What is CVE-2018-12245?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.