CVE-2018-5235
https://notcve.org/view.php?id=CVE-2018-5235
Norton Utilities (prior to 16.0.3.44) may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, it will generally follow a specific search path to locate the DLL. The vulnerability can be exploited by a simple file write (or potentially an over-write) which results in a foreign DLL running under the context of the application. Norton Utilities (en versiones anteriores a la 16.0.3.44) puede ser susceptible a una vulnerabilidad de precarga de DLL, que es un tipo de problema que puede ocurrir cuando una aplicación busca llamar a un DLL para su ejecución y un atacante proporciona un DLL malicioso para usarlo en su lugar. Dependiendo de cómo esté configurada la aplicación, ésta por lo general seguirá una ruta de búsqueda específica para localizar el DLL. • http://www.securityfocus.com/bid/105099 https://support.symantec.com/en_US/article.SYMSA1459.html • CWE-427: Uncontrolled Search Path Element •
CVE-1999-1380
https://notcve.org/view.php?id=CVE-1999-1380
Symantec Norton Utilities 2.0 for Windows 95 marks the TUNEOCX.OCX ActiveX control as safe for scripting, which allows remote attackers to execute arbitrary commands via the run option through malicious web pages that are accessed by browsers such as Internet Explorer 3.0. • http://mlarchive.ima.com/win95/1997/May/0342.html http://news.zdnet.co.uk/story/0%2C%2Cs2065518%2C00.html http://www.iss.net/security_center/static/7188.php http://www.net-security.sk/bugs/NT/nu20.html •