OVERVIEW
Symantec has released an update to address a DLL loading vulnerability detected in the Norton Download Manager for affected products.
Highest severity issue: Medium
Number of issues: 1
ISSUES
This update applies to the following issues:
TITLE | CVE | SEVERITY |
Norton Download Manager DLL Loading | CVE-2016-6592 | Medium |
AFFECTED PRODUCTS
Symantec has verified this issue in Norton Download Manager 5.6 and prior versions. Symantec has addressed the issue in current versions of Norton Download Manager as outlined below.
Norton
The following products are affected. No Symantec or Norton products other than those listed here use the Norton Download Manager, so no other products are impacted by this issue.
PRODUCT | SOLUTION |
Norton Family | See Mitigation Section below for update details |
Norton AntiVirus | |
Norton AntiVirus Basic | |
Norton Internet Security | |
Norton 360 | |
Norton 360 Premier | |
Norton Security | |
Norton Security with Backup | |
Norton Security Standard | |
Norton Security Deluxe | |
Norton Security Premium | |
Symantec Endpoint Protection Cloud | |
ISSUE DETAILS
Norton Download Manager DLL Loading
CVE-2016-6592
BID: 95444
Severity: Medium (CVSSv3: 4.6) AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L
Impact: Code execution
Exploitation: None
The Norton Download Manager is a small executable stub initially downloaded when a user visits the Norton portal to download a trial or licensed version of Norton security products and Norton Family. The Norton Download Manager is susceptible to a potential DLL loading issue. The root cause is that the Norton Download Manager does not use an absolute path when loading required DLLs during process startup, so the default DLL search logic can be followed when looking for a required DLL. This could allow unauthorized code execution if a specially crafted DLL can be successfully substituted for an authorized DLL in the Norton Download Manager search path (normally the user's browser download folder). If successfully targeted, the substitute DLL would execute with the privileges of the logged-on user. In currently supported operating systems, these privileges would be at the user level for the initial actions of the Norton Download Manager, as it does not require or request elevated privileges to function.
A remote attack against the Norton Download Manager would need to leverage known methods of trust exploitation to compromise an authorized user. Such attempts generally require enticing an authorized user to visit a malicious or compromised website for a drive-by download or to click on a malicious link in an HTTP email to download malicious content.
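The search-order behaviour described above can be checked from the defender's side by auditing the download folder for DLLs that share a name with a system DLL. The following is an added example, not Symantec's code: the function names, directory layout and DLL names are assumptions made for illustration, and the search model covers only the application directory and the system directory.

```python
import tempfile
from pathlib import Path


def _dlls(directory):
    """Map lower-cased DLL name -> path (Windows file names are case-insensitive)."""
    return {p.name.lower(): p for p in Path(directory).iterdir()
            if p.is_file() and p.suffix.lower() == ".dll"}


def resolve_by_name(dll_name, app_dir, system_dir):
    """Simplified model of a load by bare name: the directory the executable
    was started from is searched before the system directory. KnownDLLs,
    manifests and the later search steps are not modelled."""
    for directory in (app_dir, system_dir):
        hit = _dlls(directory).get(dll_name.lower())
        if hit is not None:
            return hit
    return None


def find_shadowing_dlls(download_dir, system_dir):
    """Return DLLs in the download folder whose names collide with a system
    DLL; an executable run from that folder and loading the DLL by bare name
    would get the local copy instead of the system one."""
    system = _dlls(system_dir)
    return sorted(p for name, p in _dlls(download_dir).items() if name in system)


def demo():
    """Run the audit on constructed directories that stand in for the real ones."""
    with tempfile.TemporaryDirectory() as root:
        downloads, system32 = Path(root, "Downloads"), Path(root, "System32")
        downloads.mkdir()
        system32.mkdir()
        # Constructed sample files; the DLL names are placeholders.
        (system32 / "example.dll").write_bytes(b"system copy")
        (system32 / "other.dll").write_bytes(b"system copy")
        (downloads / "Setup.exe").write_bytes(b"stub")
        (downloads / "EXAMPLE.DLL").write_bytes(b"unexpected copy")
        by_name = resolve_by_name("example.dll", downloads, system32)
        absolute = system32 / "example.dll"  # an absolute-path load ignores Downloads
        flagged = [p.name for p in find_shadowing_dlls(downloads, system32)]
        return by_name.parent.name, absolute.parent.name, flagged


if __name__ == "__main__":
    print(demo())
```

On a Windows host, `find_shadowing_dlls` can be pointed at the user's actual download folder and the system directory; any hit is a file to investigate before running installers from that folder.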