DLL Hijacking Vulnerability in Sophos Tester Tool by Sophos
CVE-2018-6318
7.8 HIGH
Summary
The Sophos Tester Tool 3.2.0.7 Beta is susceptible to a DLL hijacking vulnerability. The issue arises when the application loads a DLL from NTDLL.DLL without proper validation, which allows an attacker to replace it with a malicious DLL of the same name. Once executed, the malicious DLL can perform unauthorized actions and run potentially harmful payloads. Users should implement appropriate security measures to mitigate the risks associated with such attacks.
References
CVSS V3.1
Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved