Main Vulnerability Database Vulnerabilities #VU17747

Insecure DLL loading in Ghost Solution Suite - CVE-2018-18364

Published: February 18, 2019

Vulnerability identifier: #VU17747

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/U:Green

CVE-ID: CVE-2018-18364

CWE-ID: CWE-427

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vendor: Broadcom

Affected software:
Ghost Solution Suite

Detailed vulnerability description

The vulnerability allows an adjacent authenticated attacker to compromise vulnerable system.

The vulnerability exists due to the application loads DLL libraries in an insecure manner. A remote attacker can place a specially crafted .dll file on a remote SMB fileshare, trick the victim into opening a file, associated with the vulnerable application, and execute arbitrary code on victim's system.

How to mitigate CVE-2018-18364

Update to version 3.3 RU1.

Sources

https://support.symantec.com/en_US/article.SYMSA1474.html

Insecure DLL loading in Ghost Solution Suite - CVE-2018-18364

Detailed vulnerability description

How to mitigate CVE-2018-18364

Sources

Please verify you're human