|Date: (C)2017-10-04 (M)2017-10-09|
|CVSS Score: 4.4||Access Vector: LOCAL|
|Exploitability Subscore: 3.4||Access Complexity: MEDIUM|
|Impact Subscore: 6.4||Authentication: NONE|
| ||Confidentiality: PARTIAL|
| ||Integrity: PARTIAL|
| ||Availability: PARTIAL|
Norton Remove & Reinstall can be susceptible to a DLL preloading vulnerability. These types of issues occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, it will generally follow a specific search path to locate the DLL. The vulnerability can be exploited by a simple file write (or potentially an over-write) which results in a foreign DLL running under the context of the application. A Norton Remove & Reinstall update, version 184.108.40.206, has been released which addresses the aforementioned vulnerability.