DLL Hijacking Vulnerability in Symantec Ghost Solution Suite
CVE-2018-18364

7.3HIGH

Key Information:

Vendor: Symantec Corporation
Status: Ghost Solution Suite (gss)
Vendor: CVE Published:; 8 February 2019

Summary

The vulnerability allows an attacker to exploit the Symantec Ghost Solution Suite through DLL hijacking. In this scenario, the attacker can insert a malicious DLL file that the application may load inadvertently, leading to the execution of unauthorized code. This poses a significant risk as it can allow remote code execution on affected systems, potentially compromising system integrity and confidentiality.

Affected Version(s)

Ghost Solution Suite (GSS) Prior to 3.3 RU1

References

http://www.securityfocus.com/bid/106684

vdb-entryx_refsource_BID

https://support.symantec.com/en_US/article.SYMSA1474.html

x_refsource_CONFIRM

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 8, 2019
Vulnerability Reserved
Oct 15, 2018