DLL Loading in Symantec SWV
search cancel

DLL Loading in Symantec SWV

book

Article ID: 164284

calendar_today

Updated On:

Products

Workspace Streaming (formerly AppStream)

Issue/Introduction

DLL loading in SWV in 7.x versions
 

Environment

SWV 7.5.xxx and SWV 7.6 HF6 and below.

Cause

Symantec was notified of a DLL loading issue impacting the Symantec ITMS, GSS, and SEV products. An authorized but non-privileged user could potentially leverage this issue to execute arbitrary code with elevated privileges on the system. Ultimately, this problem is caused by a failure to use an absolute path when loading DLLs during product boot up/reboot

Resolution

upgrade to 7.6 HF7 or above. 

Mitigation/Workaround:

Symantec engineers verified this finding and have resolved it in the product upgrades indicated as SWV upgrade. Product Updates are available through normal customer locations.

Customers should apply these upgrades to avoid potential incidents of this nature.

Symantec is not aware of exploitation of or adverse customer impact from this issue.

Best Practices:

see https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2016&suid=20161115_00#_DLL_Loading_in