CVE-2018-5238 - OpenCVE

Norton Power Eraser (prior to 5.3.0.24) and SymDiag (prior to 2.1.242) may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, it will generally follow a specific search path to locate the DLL. The vulnerability can be exploited by a simple file write (or potentially an over-write) which results in a foreign DLL running under the context of the application.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Symantec	Norton Power Eraser Symdiag

Configuration 1 [-]

OR	cpe:2.3:a:symantec:norton_power_eraser::::::::
	cpe:2.3:a:symantec:symdiag::::::::

No data.

References

Link	Providers
http://www.securityfocus.com/bid/105100
https://support.symantec.com/en_US/article.SYMSA1459.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: symantec

Published: 2018-08-22T17:00:00Z

Updated: 2024-09-17T00:21:49.834Z

Reserved: 2018-01-05T00:00:00

Link: CVE-2018-5238

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2018-08-22T17:29:00.837

Modified: 2018-11-14T15:39:06.963

Link: CVE-2018-5238

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Norton Power Eraser", "vendor": "Symantec Corporation", "versions": [{"status": "affected", "version": "Prior to 5.3.0.24"}]}, {"product": "SymDiag", "vendor": "Symantec Corporation", "versions": [{"status": "affected", "version": "Prior to 2.1.242"}]}], "datePublic": "2018-08-15T00:00:00", "descriptions": [{"lang": "en", "value": "Norton Power Eraser (prior to 5.3.0.24) and SymDiag (prior to 2.1.242) may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, it will generally follow a specific search path to locate the DLL. The vulnerability can be exploited by a simple file write (or potentially an over-write) which results in a foreign DLL running under the context of the application."}], "problemTypes": [{"descriptions": [{"description": "DLL Preloading", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-08-23T09:57:01", "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5", "shortName": "symantec"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://support.symantec.com/en_US/article.SYMSA1459.html"}, {"name": "105100", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/105100"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@symantec.com", "DATE_PUBLIC": "2018-08-15T00:00:00", "ID": "CVE-2018-5238", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Norton Power Eraser", "version": {"version_data": [{"version_value": "Prior to 5.3.0.24"}]}}, {"product_name": "SymDiag", "version": {"version_data": [{"version_value": "Prior to 2.1.242"}]}}]}, "vendor_name": "Symantec Corporation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Norton Power Eraser (prior to 5.3.0.24) and SymDiag (prior to 2.1.242) may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, it will generally follow a specific search path to locate the DLL. The vulnerability can be exploited by a simple file write (or potentially an over-write) which results in a foreign DLL running under the context of the application."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "DLL Preloading"}]}]}, "references": {"reference_data": [{"name": "https://support.symantec.com/en_US/article.SYMSA1459.html", "refsource": "CONFIRM", "url": "https://support.symantec.com/en_US/article.SYMSA1459.html"}, {"name": "105100", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105100"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T05:33:42.717Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.symantec.com/en_US/article.SYMSA1459.html"}, {"name": "105100", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/105100"}]}]}, "cveMetadata": {"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5", "assignerShortName": "symantec", "cveId": "CVE-2018-5238", "datePublished": "2018-08-22T17:00:00Z", "dateReserved": "2018-01-05T00:00:00", "dateUpdated": "2024-09-17T00:21:49.834Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:symantec:norton_power_eraser:*:*:*:*:*:*:*:*", "matchCriteriaId": "ACDF0044-720B-457A-AE30-015735F1A3AE", "versionEndExcluding": "5.3.0.24", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:symdiag:*:*:*:*:*:*:*:*", "matchCriteriaId": "6FAE0830-3B68-4348-B8DF-7C1C0B9B1E08", "versionEndExcluding": "2.1.242", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Norton Power Eraser (prior to 5.3.0.24) and SymDiag (prior to 2.1.242) may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, it will generally follow a specific search path to locate the DLL. The vulnerability can be exploited by a simple file write (or potentially an over-write) which results in a foreign DLL running under the context of the application."}, {"lang": "es", "value": "Norton Power Eraser (en versiones anteriores a la 5.3.0.24) y SymDiag (en versiones anteriores a la 2.1.242) pueden ser susceptibles a una vulnerabilidad de precarga de DLL, que es un tipo de problema que puede ocurrir cuando una aplicaci\u00f3n busca llamar a un DLL para su ejecuci\u00f3n y un atacante proporciona un DLL malicioso para usarlo en su lugar. Dependiendo de c\u00f3mo est\u00e9 configurada la aplicaci\u00f3n, \u00e9sta por lo general seguir\u00e1 una ruta de b\u00fasqueda espec\u00edfica para localizar el DLL. La vulnerabilidad puede ser explotada mediante una escritura simple de archivo (o, potencialmente, una sobrescritura), lo que resulta en un DLL externo que se ejecuta bajo el contexto de la aplicaci\u00f3n."}], "id": "CVE-2018-5238", "lastModified": "2018-11-14T15:39:06.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-08-22T17:29:00.837", "references": [{"source": "secure@symantec.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/105100"}, {"source": "secure@symantec.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://support.symantec.com/en_US/article.SYMSA1459.html"}], "sourceIdentifier": "secure@symantec.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-427"}], "source": "nvd@nist.gov", "type": "Primary"}]}