漏洞标题
N/A
漏洞描述信息
Norton Remove & Reinstall可能会被 DLL预加载漏洞所攻击。当应用程序试图调用一个 DLL 进行执行时,攻击者会提供一个恶意的 DLL 供使用。根据应用程序的配置文件,它通常会遵循特定的搜索路径来找到 DLL。该漏洞可以通过简单的文件写入(或 potentially 覆盖)来利用,在应用程序上下文中运行一个外国 DLL。已发布 Norton Remove & Reinstall 更新,版本 4.4.0.58,解决了上述漏洞。
CVSS信息
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
Norton Remove & Reinstall can be susceptible to a DLL preloading vulnerability. These types of issues occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, it will generally follow a specific search path to locate the DLL. The vulnerability can be exploited by a simple file write (or potentially an over-write) which results in a foreign DLL running under the context of the application. A Norton Remove & Reinstall update, version 4.4.0.58, has been released which addresses the aforementioned vulnerability.
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
Symantec Norton Remove & Reinstall 代码注入漏洞
漏洞描述信息
Symantec Norton Remove & Reinstall是美国赛门铁克(Symantec)公司的一套用于卸载和重新安装Norton杀毒产品的工具。 Symantec Norton Remove & Reinstall 4.4.0.58之前的版本中存在安全漏洞。本地攻击者可利用该漏洞在应用程序的上下文中运行恶意的DLL文件。
CVSS信息
N/A
漏洞类别
代码注入