Initial Publication Date: Advisory Status: Advisory Severity: CVSS Base Score:Legacy ID
15 Nov 2016 Closed High 7.3 SYM16-020
Symantec has released updates to address a DLL loading issue in Symantec IT Management Suite (ITMS), Symantec Ghost Solution Suite (GSS), Symantec Encryption Desktop (SED), and Symantec Endpoint Virtualization (SEV).
Symantec was notified of a DLL loading issue impacting the Symantec ITMS, GSS, SED and SEV products. An authorized but non-privileged user could potentially leverage this issue to execute arbitrary code with elevated privileges on the system. Ultimately, this problem is caused by a failure to use an absolute path when loading DLLs during product boot up/reboot. This can cause default DLL search logic to be followed and creates the potential for an unauthorized execution of a specifically-crafted DLL substituted for the authorized DLL in the search path. If successfully accomplished, the user's code could potentially execute with the elevated privileges of the application.
An external attacker would need to successfully entice an authorized user to visit a malicious web site or click on a malicious HTML link in an email in any attempts to download malicious code to take advantage of this issue.
Symantec engineers verified this finding and have resolved it in the product upgrades indicated as solutions in the Affected Products table. For customers with Symantec IT Management Suite 7.6, ensure you update to ITMS 7.6 HF7 and then apply point fix as described in https://support.symantec.com/en_US/article.info3459.html. Product Updates are available through normal customer product download locations.
Customers should apply these upgrades to avoid potential incidents of this nature.
Symantec is not aware of exploitation of or adverse customer impact from this issue.
Himanshu Mehta (CVE-2016-6590)
Praveen Singh (CVE-2016-6590)
December 19, 2016: Added ITMS 7.6 releases prior to 7.6 HF7 to the affected products along with mitigation steps for ITMS 7.6 HF7
March 31, 2017: Added SED 10.x prior to SED 10.4.1 MP1 to the affected products with solution upgrade to SED 10.4.1 MP1
This is machine translated content
Login to Subscribe
Please login to set up your
Would you like to be subscribed to future notifications for this article?
For security reasons, your link to this document has expired. Please click on the attachment link to access this file.
The attachment that you are looking for no longer exists.
There has been an issue retrieving your attachment. Please try again.
Currently server is down.
Didn't find the article you were looking for? Try these resources.