Symantec has released an update to address an issue that was discovered in Symantec Validation & Identification Protection (VIP) Access for Desktop.
Product | CVE | Affected Version | Solution |
---|---|---|---|
Symantec VIP Access | CVE-2017-6329 | Prior to 2.2.4 | Upgrade to 2.2.4 |

CVE-2017-6329

Severity/CVSSv3: Medium / 6.8 (AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

References: Securityfocus: BID 100200 / NVD: CVE-2017-6329

Impact: Code Execution

Description:

Symantec VIP Access for Desktop can be susceptible to a DLL pre-loading vulnerability. These issues occur when an application looks for a DLL to load and an attacker provides a malicious DLL that is used instead. Depending on how the application is configured, it will generally follow a specific search path to locate the DLL. Exploitation manifests as a simple file write (or potentially an overwrite), which results in a foreign executable running under the context of the application.

This issue was validated by the product team engineers. A Symantec VIP Access for Windows Desktop update, version 2.2.4, has been released which addresses the aforementioned vulnerability. Note that the latest Symantec VIP release and patches are available to customers through normal support channels. At this time, Symantec is not aware of any exploitations or adverse customer impact from this issue.
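
The search-path behaviour described above can be audited from the defender's side. The following Python code is an added example, not Symantec's code: it walks an ordered list of directories, finds which one would supply each DLL name, and flags names that resolve outside trusted directories or do not resolve at all. The directory order, DLL names and file layout are constructed for illustration and are not taken from VIP Access.

```python
import os
import tempfile

def resolve_dll(name, search_path):
    """Return the first directory in search_path holding name (case-insensitive), else None."""
    for directory in search_path:
        try:
            entries = {e.lower() for e in os.listdir(directory)}
        except OSError:
            continue  # skip directories that are absent or cannot be listed
        if name.lower() in entries:
            return directory
    return None

def audit_imports(imports, search_path, trusted_dirs):
    """Report imports that resolve outside trusted_dirs or do not resolve at all."""
    trusted = {os.path.normcase(os.path.abspath(d)) for d in trusted_dirs}
    findings = []
    for name in imports:
        hit = resolve_dll(name, search_path)
        if hit is None:
            # Nothing on the path supplies it, so a writable search directory could.
            findings.append((name, "unresolved", None))
        elif os.path.normcase(os.path.abspath(hit)) not in trusted:
            findings.append((name, "untrusted-location", hit))
    return findings

def demo():
    """Build a constructed directory layout and audit it."""
    root = tempfile.mkdtemp()
    app, cwd, system = (os.path.join(root, d) for d in ("app", "cwd", "system32"))
    layout = {app: ["app_core.dll"], cwd: ["VERSION.dll"],
              system: ["version.dll", "crypt32.dll"]}
    for directory, files in layout.items():
        os.makedirs(directory)
        for f in files:
            open(os.path.join(directory, f), "wb").close()  # empty stand-in files
    imports = ["app_core.dll", "version.dll", "crypt32.dll", "helper.dll"]
    # Assumed order for illustration: application dir, current dir, system dir.
    return audit_imports(imports, [app, cwd, system], trusted_dirs=[app, system])

if __name__ == "__main__":
    for name, status, where in demo():
        print(f"{name}: {status} {where or ''}")
```

In the constructed layout, `version.dll` is flagged because a copy in the current directory is found before the system copy, and `helper.dll` is flagged because no directory on the path supplies it.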
Best Practices
Symantec recommends the following measures to reduce risk of attack:
CPE | Name | Operator | Version |
---|---|---|---|
symantec vip access | eq | 2 |