CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-6329
https://notcve.org/view.php?id=CVE-2017-6329
Symantec VIP Access for Desktop prior to 2.2.4 can be susceptible to a DLL Pre-Loading vulnerability. These types of issues occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, the application will generally follow a specific search path to locate the DLL. The exploitation of the vulnerability manifests as a simple file write (or potentially an over-write) which results in a foreign executable running under the context of the application. Symantec VIP Access for Desktop en versiones anteriores a la 2.2.4 puede ser susceptible a una vulnerabilidad de precarga de DLL. • http://www.securityfocus.com/bid/100200 https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20170821_00 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2016-6593 – Symantec VIP Access Arbitrary DLL Execution
https://notcve.org/view.php?id=CVE-2016-6593
A code-execution vulnerability exists during startup in jhi.dll and otpiha.dll in Symantec VIP Access Desktop before 2.2.2, which could let local malicious users execute arbitrary code. Existe una vulnerabilidad de ejecución de código durante el inicio en las bibliotecas jhi.dll y otpiha.dll en Symantec VIP Access Desktop versiones anteriores a la versión 2.2.2, lo que podría permitir a usuarios maliciosos locales ejecutar código arbitrario. Symantec VIP Access versions prior to 2.2.2 suffer from an arbitrary dll execution vulnerability. • http://packetstormsecurity.com/files/140098/Symantec-VIP-Access-Arbitrary-DLL-Execution.html http://www.securityfocus.com/archive/1/539889/100/0/threaded http://www.securityfocus.com/bid/94731 https://support.symantec.com/us/en/article.symsa1388.html • CWE-426: Untrusted Search Path •