Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
symantecSymantec Security ResponseSMNTC-1385
HistoryNov 15, 2016 - 8:00 a.m.

DLL Loading Issue in Symantec Enterprise Products

2016-11-1508:00:00
Symantec Security Response
14

0.002 Low

EPSS

Percentile

53.3%

JSON

SUMMARY

Symantec has released updates to address a DLL loading issue in Symantec IT Management Suite (ITMS), Symantec Ghost Solution Suite (GSS), Symantec Encryption Desktop (SED), and Symantec Endpoint Virtualization (SEV).

AFFECTED PRODUCTS

Symantec IT Management Suite 8.0

CVE

|

Affected Version(s)

|

Remediation

CVE-2016-6590

|

Prior to 8.0 HF4

|

Upgrade to 8.0 HF4

Symantec IT Management Suite 7.6

CVE

|

Affected Version(s)

|

Remediation

CVE-2016-6590

|

Prior to 7.6 HF7

|

Upgrade to 7.6 HF7

Symantec Ghost Solution Suite

CVE

|

Affected Version(s)

|

Remediation

CVE-2016-6590

|

Prior to 3.1 MP4

|

Upgrade to 3.1 MP4

Symantec Endpoint Virtualization

CVE

|

Affected Version(s)

|

Remediation

CVE-2016-6590

|

Prior to 7.6 HF7

|

Upgrade to 7.6 HF7

Symantec Encryption Desktop

CVE

|

Affected Version(s)

|

Remediation

CVE-2016-6590

|

Prior to 10.4.1 MP1

|

Upgrade to 10.4.1 MP1

ISSUES

CVE-2016-6590

Severity/CVSSv3:

|

High / 7.3 AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

References:

Impact:

|

Securityfocus: BID 94279 / NVD: CVE-2016-6590

Code execution

Description:

|

Symantec was notified of a DLL loading issue impacting the Symantec ITMS, GSS, SED and SEV products. An authorized but non-privileged user could potentially leverage this issue to execute arbitrary code with elevated privileges on the system. Ultimately, this problem is caused by a failure to use an absolute path when loading DLLs during product boot up/reboot. This can cause default DLL search logic to be followed and creates the potential for an unauthorized execution of a specifically-crafted DLL substituted for the authorized DLL in the search path. If successfully accomplished, the user’s code could potentially execute with the elevated privileges of the application.

An external attacker would need to successfully entice an authorized user to visit a malicious web site or click on a malicious HTML link in an email in any attempts to download malicious code to take advantage of this issue.

MITIGATION

Symantec engineers verified this finding and have resolved it in the product upgrades indicated as solutions in the Affected Products table. For customers with Symantec IT Management Suite 7.6, ensure you update to ITMS 7.6 HF7 and then apply point fix as described in <https://support.symantec.com/en_US/article.info3459.html&gt;. Product Updates are available through normal customer product download locations.

Customers should apply these upgrades to avoid potential incidents of this nature.

Symantec is not aware of exploitation of or adverse customer impact from this issue.

ACKNOWLEDGEMENTS

  • Himanshu Mehta (CVE-2016-6590)
  • Praveen Singh (CVE-2016-6590)

REVISION

  • December 19, 2016: Added ITMS 7.6 releases prior to 7.6 HF7 to the affected products along with mitigation steps for ITMS 7.6 HF7
  • March 31, 2017: Added SED 10.x prior to SED 10.4.1 MP1 to the affected products with solution upgrade to SED 10.4.1 MP1

Related

nvd 1
cve 1
prion 1
cvelist 1
nvd
nvd
CVE-2016-6590
2020-01-08 16:15:10
cve
cve
CVE-2016-6590
2020-01-08 16:15:10
prion
prion
Privilege escalation
2020-01-08 16:15:00
cvelist
cvelist
CVE-2016-6590
2020-01-08 15:43:33

0.002 Low

EPSS

Percentile

53.3%

JSON
Related for SMNTC-1385
nvd1cve1prion1cvelist1