CVE-2018-5238
Vulnerability from cvelistv5
Published
2018-08-22 17:00
Modified
2024-09-17 00:21
Severity ?
Summary
Norton Power Eraser (prior to 5.3.0.24) and SymDiag (prior to 2.1.242) may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, it will generally follow a specific search path to locate the DLL. The vulnerability can be exploited by a simple file write (or potentially an over-write) which results in a foreign DLL running under the context of the application.
References
secure@symantec.comhttp://www.securityfocus.com/bid/105100Third Party Advisory, VDB Entry
secure@symantec.comhttps://support.symantec.com/en_US/article.SYMSA1459.htmlMitigation, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/105100Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://support.symantec.com/en_US/article.SYMSA1459.htmlMitigation, Vendor Advisory
Impacted products
Vendor Product Version
Symantec Corporation SymDiag Version: Prior to 2.1.242
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T05:33:42.717Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.symantec.com/en_US/article.SYMSA1459.html"
          },
          {
            "name": "105100",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105100"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Norton Power Eraser",
          "vendor": "Symantec Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Prior to 5.3.0.24"
            }
          ]
        },
        {
          "product": "SymDiag",
          "vendor": "Symantec Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Prior to 2.1.242"
            }
          ]
        }
      ],
      "datePublic": "2018-08-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Norton Power Eraser (prior to 5.3.0.24) and SymDiag (prior to 2.1.242) may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, it will generally follow a specific search path to locate the DLL. The vulnerability can be exploited by a simple file write (or potentially an over-write) which results in a foreign DLL running under the context of the application."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "DLL Preloading",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-08-23T09:57:01",
        "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
        "shortName": "symantec"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.symantec.com/en_US/article.SYMSA1459.html"
        },
        {
          "name": "105100",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105100"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@symantec.com",
          "DATE_PUBLIC": "2018-08-15T00:00:00",
          "ID": "CVE-2018-5238",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Norton Power Eraser",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Prior to 5.3.0.24"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SymDiag",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Prior to 2.1.242"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Symantec Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Norton Power Eraser (prior to 5.3.0.24) and SymDiag (prior to 2.1.242) may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, it will generally follow a specific search path to locate the DLL. The vulnerability can be exploited by a simple file write (or potentially an over-write) which results in a foreign DLL running under the context of the application."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "DLL Preloading"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.symantec.com/en_US/article.SYMSA1459.html",
              "refsource": "CONFIRM",
              "url": "https://support.symantec.com/en_US/article.SYMSA1459.html"
            },
            {
              "name": "105100",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105100"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
    "assignerShortName": "symantec",
    "cveId": "CVE-2018-5238",
    "datePublished": "2018-08-22T17:00:00Z",
    "dateReserved": "2018-01-05T00:00:00",
    "dateUpdated": "2024-09-17T00:21:49.834Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:norton_power_eraser:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"5.3.0.24\", \"matchCriteriaId\": \"ACDF0044-720B-457A-AE30-015735F1A3AE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:symdiag:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.1.242\", \"matchCriteriaId\": \"6FAE0830-3B68-4348-B8DF-7C1C0B9B1E08\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Norton Power Eraser (prior to 5.3.0.24) and SymDiag (prior to 2.1.242) may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, it will generally follow a specific search path to locate the DLL. The vulnerability can be exploited by a simple file write (or potentially an over-write) which results in a foreign DLL running under the context of the application.\"}, {\"lang\": \"es\", \"value\": \"Norton Power Eraser (en versiones anteriores a la 5.3.0.24) y SymDiag (en versiones anteriores a la 2.1.242) pueden ser susceptibles a una vulnerabilidad de precarga de DLL, que es un tipo de problema que puede ocurrir cuando una aplicaci\\u00f3n busca llamar a un DLL para su ejecuci\\u00f3n y un atacante proporciona un DLL malicioso para usarlo en su lugar. Dependiendo de c\\u00f3mo est\\u00e9 configurada la aplicaci\\u00f3n, \\u00e9sta por lo general seguir\\u00e1 una ruta de b\\u00fasqueda espec\\u00edfica para localizar el DLL. La vulnerabilidad puede ser explotada mediante una escritura simple de archivo (o, potencialmente, una sobrescritura), lo que resulta en un DLL externo que se ejecuta bajo el contexto de la aplicaci\\u00f3n.\"}]",
      "id": "CVE-2018-5238",
      "lastModified": "2024-11-21T04:08:24.160",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2018-08-22T17:29:00.837",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/105100\", \"source\": \"secure@symantec.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://support.symantec.com/en_US/article.SYMSA1459.html\", \"source\": \"secure@symantec.com\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/105100\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://support.symantec.com/en_US/article.SYMSA1459.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "secure@symantec.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-427\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-5238\",\"sourceIdentifier\":\"secure@symantec.com\",\"published\":\"2018-08-22T17:29:00.837\",\"lastModified\":\"2024-11-21T04:08:24.160\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Norton Power Eraser (prior to 5.3.0.24) and SymDiag (prior to 2.1.242) may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, it will generally follow a specific search path to locate the DLL. The vulnerability can be exploited by a simple file write (or potentially an over-write) which results in a foreign DLL running under the context of the application.\"},{\"lang\":\"es\",\"value\":\"Norton Power Eraser (en versiones anteriores a la 5.3.0.24) y SymDiag (en versiones anteriores a la 2.1.242) pueden ser susceptibles a una vulnerabilidad de precarga de DLL, que es un tipo de problema que puede ocurrir cuando una aplicaci\u00f3n busca llamar a un DLL para su ejecuci\u00f3n y un atacante proporciona un DLL malicioso para usarlo en su lugar. Dependiendo de c\u00f3mo est\u00e9 configurada la aplicaci\u00f3n, \u00e9sta por lo general seguir\u00e1 una ruta de b\u00fasqueda espec\u00edfica para localizar el DLL. La vulnerabilidad puede ser explotada mediante una escritura simple de archivo (o, potencialmente, una sobrescritura), lo que resulta en un DLL externo que se ejecuta bajo el contexto de la aplicaci\u00f3n.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-427\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_power_eraser:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.3.0.24\",\"matchCriteriaId\":\"ACDF0044-720B-457A-AE30-015735F1A3AE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:symdiag:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.1.242\",\"matchCriteriaId\":\"6FAE0830-3B68-4348-B8DF-7C1C0B9B1E08\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/105100\",\"source\":\"secure@symantec.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://support.symantec.com/en_US/article.SYMSA1459.html\",\"source\":\"secure@symantec.com\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/105100\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://support.symantec.com/en_US/article.SYMSA1459.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.