The Norton Download Manager is a small executable stub that is downloaded first when a user visits the Norton portal to download a trial or licensed version of Norton security products and Norton Family. The Norton Download Manager is susceptible to a potential DLL loading issue. The issue is caused by the Norton Download Manager failing to use an absolute path when loading required DLLs during process startup, which can cause the default DLL search logic to be followed when looking for a required DLL. This could allow unauthorized execution if a specifically crafted DLL can be successfully substituted for an authorized DLL in the Norton Download Manager search path (normally the user’s browser download folder). If successfully targeted, the substitute DLL would execute with the privileges of the logged-on user. In currently supported operating systems, these would be user-level privileges for the initial actions of the Norton Download Manager, as it does not require or request elevated privileges to function.
A remote attack against the Norton Download Manager would need to leverage known methods of trust exploitation in an attempt to compromise an authorized user. Such attempts generally require enticing an authorized user to visit a malicious or compromised website for a drive-by download, or to click on a malicious link in an HTTP email to download malicious content.
Norton Download Manager is not updated through LiveUpdate. Customers first download Norton Download Manager during the initial install of a Norton security product, and it is normally a run-once application that manages the download and install of the selected Norton product. Users may still need to run a previously downloaded version of Norton Download Manager in the following scenarios:
- Norton Download Manager has not been run since it was initially downloaded from the Norton portal
- Norton Download Manager failed to download the full product installer
- The full product installer itself failed during installation
The upgrade solution for impacted customers is to:
- Delete any previously downloaded version of Norton Download Manager, version 5.6 or earlier
- Download the updated version of Norton Download Manager currently posted to the Norton portal that is associated with their Norton security product
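One way to check a machine for the condition described above, as an added example that is not vendor tooling or part of the original advisory: the PowerShell script below lists stubs at version 5.6 or earlier in a download folder, together with any DLLs stored beside them. The folder default and the "Norton Download Manager" text matched in the file's version resource are assumptions.

```powershell
# Added example, not vendor tooling. Audits a download folder for old
# Norton Download Manager stubs and for DLLs stored beside them.
param(
    [string]$Folder        = (Join-Path $env:USERPROFILE 'Downloads'),  # assumed location
    [string]$NamePattern   = 'Norton Download Manager',  # assumed version-resource text
    [version]$LastAffected = '5.6'                       # "version 5.6 or earlier"
)

# Executables whose version resource names the stub, with an affected flag.
$stubs = Get-ChildItem -LiteralPath $Folder -Filter *.exe -File | ForEach-Object {
    $vi = $_.VersionInfo
    if ("$($vi.ProductName) $($vi.FileDescription)" -match [regex]::Escape($NamePattern)) {
        # Compare major.minor only, matching how the advisory states the version.
        $ver = [version]"$($vi.FileMajorPart).$($vi.FileMinorPart)"
        [pscustomobject]@{
            Path      = $_.FullName
            Version   = $ver
            Affected  = ($ver -le $LastAffected)
            Signature = (Get-AuthenticodeSignature -LiteralPath $_.FullName).Status
        }
    }
}

# The folder an executable starts from is part of the default DLL search
# order, so every DLL stored in this folder is listed for review.
$dlls = Get-ChildItem -LiteralPath $Folder -Filter *.dll -File | ForEach-Object {
    [pscustomobject]@{
        Path      = $_.FullName
        Signature = (Get-AuthenticodeSignature -LiteralPath $_.FullName).Status
        Modified  = $_.LastWriteTime
    }
}

$affected = @($stubs | Where-Object { $_.Affected })
$unsigned = @($dlls  | Where-Object { $_.Signature -ne 'Valid' })

$stubs | Format-Table -AutoSize
$dlls  | Format-Table -AutoSize

if ($affected.Count -gt 0) {
    Write-Warning "$($affected.Count) stub(s) at version $LastAffected or earlier: delete and download the current one."
}
if ($affected.Count -gt 0 -and $unsigned.Count -gt 0) {
    Write-Warning "$($unsigned.Count) DLL(s) without a valid signature share the folder with an affected stub."
}
```

A DLL reported here is not necessarily malicious; the listing shows which files an affected stub could pick up if it were run from that folder.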
Customers and users who want to download a trial version of a Norton security or Norton Family product can visit the Norton website. Once there, navigate to PRODUCT & SERVICES and select Free Trials.