cve-2018-18364
Vulnerability from cvelistv5
Published
2019-02-08 17:00
Modified
2024-09-16 22:35
Severity ?
EPSS score ?
Summary
Symantec Ghost Solution Suite (GSS) versions prior to 3.3 RU1 may be susceptible to a DLL hijacking vulnerability, which is a type of issue whereby a potential attacker attempts to execute unexpected code on your machine. This occurs via placement of a potentially foreign file (DLL) that the attacker then attempts to run via a linked application.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@symantec.com | http://www.securityfocus.com/bid/106684 | Third Party Advisory | |
| secure@symantec.com | https://support.symantec.com/en_US/article.SYMSA1474.html | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/106684 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.symantec.com/en_US/article.SYMSA1474.html | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Symantec Corporation | Ghost Solution Suite (GSS) |
Version: Prior to 3.3 RU1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:08:21.470Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "106684",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106684"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.symantec.com/en_US/article.SYMSA1474.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Ghost Solution Suite (GSS)",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "Prior to 3.3 RU1"
}
]
}
],
"datePublic": "2019-01-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Symantec Ghost Solution Suite (GSS) versions prior to 3.3 RU1 may be susceptible to a DLL hijacking vulnerability, which is a type of issue whereby a potential attacker attempts to execute unexpected code on your machine. This occurs via placement of a potentially foreign file (DLL) that the attacker then attempts to run via a linked application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "DLL Hijack",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-02-09T10:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"name": "106684",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106684"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.symantec.com/en_US/article.SYMSA1474.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"DATE_PUBLIC": "2019-01-22T00:00:00",
"ID": "CVE-2018-18364",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Ghost Solution Suite (GSS)",
"version": {
"version_data": [
{
"version_value": "Prior to 3.3 RU1"
}
]
}
}
]
},
"vendor_name": "Symantec Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec Ghost Solution Suite (GSS) versions prior to 3.3 RU1 may be susceptible to a DLL hijacking vulnerability, which is a type of issue whereby a potential attacker attempts to execute unexpected code on your machine. This occurs via placement of a potentially foreign file (DLL) that the attacker then attempts to run via a linked application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DLL Hijack"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106684",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106684"
},
{
"name": "https://support.symantec.com/en_US/article.SYMSA1474.html",
"refsource": "CONFIRM",
"url": "https://support.symantec.com/en_US/article.SYMSA1474.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2018-18364",
"datePublished": "2019-02-08T17:00:00Z",
"dateReserved": "2018-10-15T00:00:00",
"dateUpdated": "2024-09-16T22:35:04.102Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2018-18364\",\"sourceIdentifier\":\"secure@symantec.com\",\"published\":\"2019-02-08T17:29:00.257\",\"lastModified\":\"2024-11-21T03:55:47.840\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Symantec Ghost Solution Suite (GSS) versions prior to 3.3 RU1 may be susceptible to a DLL hijacking vulnerability, which is a type of issue whereby a potential attacker attempts to execute unexpected code on your machine. This occurs via placement of a potentially foreign file (DLL) that the attacker then attempts to run via a linked application.\"},{\"lang\":\"es\",\"value\":\"Symantec Ghost Solution Suite (GSS), en versiones anteriores a la 3.3 RU1, podr\u00eda ser susceptible a una vulnerabilidad de secuestro de DLL, que es un tipo de problema por el cual un atacante potencial intenta ejecutar c\u00f3digo inesperado en una m\u00e1quina. Esto ocurre colocando un archivo potencialmente for\u00e1neo (DLL) que el atacante intenta ejecutar mediante una aplicaci\u00f3n conectada.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.3,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.3,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:P/I:P/A:P\",\"baseScore\":6.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":6.8,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-426\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:ghost_solution_suite:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2510DED-29C5-4728-8FC9-E0AEAA5BA26F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:ghost_solution_suite:2.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C188EF7F-925B-4233-B85B-54AD0A0C677D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:ghost_solution_suite:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4789E917-D99A-4B7E-A061-7A3090DC350C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:ghost_solution_suite:3.0:hf1:*:*:*:*:*:*\",\"matchCriteriaId\":\"06742D1E-6944-4B9F-8BF8-8A41678E9803\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:ghost_solution_suite:3.0:hf2:*:*:*:*:*:*\",\"matchCriteriaId\":\"B384051A-6898-438A-99B6-9FC256A6B030\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:ghost_solution_suite:3.0:hf3:*:*:*:*:*:*\",\"matchCriteriaId\":\"E74E1685-A87A-4A11-B6C4-FAD54A43F104\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:ghost_solution_suite:3.0:hf4:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7C0B1C6-3C8A-4F7E-8AD3-5AFAA2677EB6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:ghost_solution_suite:3.0:hf5:*:*:*:*:*:*\",\"matchCriteriaId\":\"5861E90B-0830-44DB-8A77-764C6712F8AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:ghost_solution_suite:3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B97D085E-45E4-4FF5-88CF-E76667884419\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:ghost_solution_suite:3.1:mp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A89C8D4-0880-4875-A101-9AECBB4AACDE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:ghost_solution_suite:3.1:mp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"A89FBDA7-4B83-47A1-9302-BD50B04EE1E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:ghost_solution_suite:3.1:mp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B77ACB5-9FE8-489C-A0D6-DB28D0FC9ABC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:ghost_solution_suite:3.1:mp4:*:*:*:*:*:*\",\"matchCriteriaId\":\"34341314-EED5-49CE-A400-403AF575ABBE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:ghost_solution_suite:3.1:mp5:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E7E3290-9AE0-41A5-856E-F8A27E4B052E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:ghost_solution_suite:3.1:mp6:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7690D5D-B1CA-4E0C-8BB6-EF39886CBFBF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:ghost_solution_suite:3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB3C24F1-A554-4217-BD29-A3A9763952D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:ghost_solution_suite:3.2:ru1:*:*:*:*:*:*\",\"matchCriteriaId\":\"3059E8B2-A30A-463D-94A4-40982DC47151\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:ghost_solution_suite:3.2:ru2:*:*:*:*:*:*\",\"matchCriteriaId\":\"47FEB9B9-A945-4F5C-A7CB-DB0B9CD77C2F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:ghost_solution_suite:3.2:ru3:*:*:*:*:*:*\",\"matchCriteriaId\":\"817D3F61-48A1-4A09-BE47-19797424D3D4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:ghost_solution_suite:3.2:ru4:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D7440DF-A362-46FA-BDFD-B9E616211FE4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:ghost_solution_suite:3.2:ru5:*:*:*:*:*:*\",\"matchCriteriaId\":\"927FBB58-68D2-400E-8DE0-15C4C5717464\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:ghost_solution_suite:3.2:ru6:*:*:*:*:*:*\",\"matchCriteriaId\":\"707F25BF-E3B9-4A46-AB96-BA3669C71248\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:ghost_solution_suite:3.2:ru7:*:*:*:*:*:*\",\"matchCriteriaId\":\"C45F0996-B9A9-4E85-85FA-1B88B39FFE01\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:ghost_solution_suite:3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"00D250C6-C1A6-46C1-AAB5-7274F3D542B5\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/106684\",\"source\":\"secure@symantec.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.symantec.com/en_US/article.SYMSA1474.html\",\"source\":\"secure@symantec.com\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/106684\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.symantec.com/en_US/article.SYMSA1474.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.