Symantec is not aware of exploitation of or adverse customer impact from this issue.
Product Updates are available through normal customer product download locations.Ĭustomers should apply these upgrades to avoid potential incidents of this nature.
Html executable path errors with mp4 update#
For customers with Symantec IT Management Suite 7.6, ensure you update to ITMS 7.6 HF7 and then apply point fix as described in. Symantec engineers verified this finding and have resolved it in the product upgrades indicated as solutions in the Affected Products table. If successfully accomplished, the user's code could potentially execute with the elevated privileges of the application.Īn external attacker would need to successfully entice an authorized user to visit a malicious web site or click on a malicious HTML link in an email in any attempts to download malicious code to take advantage of this issue. This can cause default DLL search logic to be followed and creates the potential for an unauthorized execution of a specifically-crafted DLL substituted for the authorized DLL in the search path. Ultimately, this problem is caused by a failure to use an absolute path when loading DLLs during product boot up/reboot. An authorized but non-privileged user could potentially leverage this issue to execute arbitrary code with elevated privileges on the system.
Symantec was notified of a DLL loading issue impacting the Symantec ITMS, GSS, SED and SEV products. Symantec has released updates to address a DLL loading issue in Symantec IT Management Suite (ITMS), Symantec Ghost Solution Suite (GSS), Symantec Encryption Desktop (SED), and Symantec Endpoint Virtualization (SEV).
0 kommentar(er)
