DLL Preloading Vulnerability in Symantec Endpoint Protection Manager
CVE-2018-18367

7.8HIGH

Key Information:

Vendor: Symantec Corporation
Status: Symantec Endpoint Protection Manager
Vendor: CVE Published:; 25 April 2019

🔔 Create Symantec Corporation Vulnerability Alert

What is CVE-2018-18367?

The Symantec Endpoint Protection Manager (SEPM) prior to and including version 12.1 RU6 MP9 and version 14.2 RU1 is prone to a DLL Preloading vulnerability. This occurs when an application attempts to load a Dynamic Link Library (DLL) file and fails to validate its origin, allowing an attacker to exploit this weakness by providing a malicious DLL. Successfully executing this attack could lead to unauthorized actions within the system, putting sensitive data at risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Symantec Endpoint Protection Manager Prior to and including 12.1 RU6 MP9

Symantec Endpoint Protection Manager Prior to 14.2 RU1

References

https://support.symantec.com/en_US/article.SYMSA1479.html

x_refsource_CONFIRM

http://www.securityfocus.com/bid/107996

vdb-entryx_refsource_BID

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 25, 2019
Vulnerability Reserved
Oct 15, 2018

JSON

Symantec Corporation

What is CVE-2018-18367?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.