Fortinet Discovers Symantec Norton Remove and Reinstall DLL Preloading Vulnerability
Fortinet's FortiGuard Labs has discovered a DLL preloading vulnerability in Norton Remove & Reinstall.
Norton Remove & Reinstall is a small but very efficient software that was specifically designed to remove some of the Norton utilities found on your computer and optionally deploy the latest version of the removed software.
Norton Remove & Reinstall is susceptible to a DLL preloading vulnerability. The issue occurs when the application looks to load a DLL for execution and an attacker provides a malicious DLL to use instead. The application generally follows a specific search path to locate the DLL. The vulnerability can be exploited by a simple file write (or potentially an over-write) which results in a foreign DLL running under the context of the application.
Users should apply the solution provided by Symantec.
Fortinet reported the vulnerability to Symantec on September 6, 2017.
Symantec confirmed the vulnerability on September 21, 2017.
Symantec released patch for it on September 26, 2017.
This vulnerability was discovered by Kushal Arvind Shah of Fortinet's FortiGuard Labs.