DLL Hijacking Vulnerability in Sophos Tester Tool by Sophos
CVE-2018-6318

7.8 HIGH

Key Information:

Vendor:
Sophos
CVE Published:
2 February 2018

Summary

The Sophos Tester Tool 3.2.0.7 Beta is susceptible to a DLL hijacking vulnerability. The issue arises when the application loads a DLL from NTDLL.DLL without proper validation, allowing an attacker to replace it with a malicious DLL of the same name. Once executed, the malicious DLL can perform unauthorized actions and run potentially harmful payloads. Users should implement appropriate security measures to mitigate the risks associated with such attacks.

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
