Symantec Backup Exec System Recovery 2010 SP5 imapi.dll untrusted search path
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 8.9 | $0-$5k | 0.00 |
Summary
A vulnerability marked as critical has been reported in Symantec Backup Exec System Recovery 2010 SP5. The impacted element is an unknown function in the library imapi.dll. Performing a manipulation results in untrusted search path. This vulnerability was named CVE-2012-0305. There is no available exploit. It is suggested to upgrade the affected component.
Details
A vulnerability was found in Symantec Backup Exec System Recovery 2010 SP5 (Backup Software). It has been classified as critical. This affects an unknown code in the library imapi.dll. The manipulation with an unknown input leads to a untrusted search path vulnerability. CWE is classifying the issue as CWE-426. The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control. This is going to have an impact on confidentiality, integrity, and availability. The summary by CVE is:
Untrusted search path vulnerability in Symantec System Recovery 2011 before SP2 and Backup Exec System Recovery 2010 before SP5 allows local users to gain privileges via a Trojan horse DLL in the current working directory.
The weakness was presented 07/20/2012 by Nenad Stojanovski as SYM12-012 as confirmed advisory (Website). The advisory is shared at symantec.com. The public release was coordinated in cooperation with Symantec. This vulnerability is uniquely identified as CVE-2012-0305 since 01/04/2012. The exploitability is told to be difficult. An attack has to be approached locally. No form of authentication is needed for exploitation. Technical details are known, but no exploit is available. MITRE ATT&CK project uses the attack technique T1574 for this issue.
The vulnerability scanner Nessus provides a plugin with the ID 60161 (Symantec System Recovery 2011 imapi.dll Path Subversion Arbitrary DLL Injection Code Execution (SYM12-012)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Windows.
Upgrading to version 2010 SP5 or 2011 SP2 eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at X-Force (77107), Tenable (60161), SecurityFocus (BID 54594†), OSVDB (84124†) and Secunia (SA50033†). Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.symantec.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 9.3VulDB Meta Temp Score: 8.9
VulDB Base Score: 9.3
VulDB Temp Score: 8.9
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Untrusted search pathCWE: CWE-426
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: No
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 60161
Nessus Name: Symantec System Recovery 2011 imapi.dll Path Subversion Arbitrary DLL Injection Code Execution (SYM12-012)
Nessus File: 🔍
Nessus Family: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Upgrade: Backup Exec System Recovery 2010 SP5/2011 SP2
Timeline
01/04/2012 🔍07/20/2012 🔍
07/20/2012 🔍
07/20/2012 🔍
07/23/2012 🔍
07/23/2012 🔍
07/23/2012 🔍
07/23/2012 🔍
07/25/2012 🔍
07/31/2012 🔍
07/31/2012 🔍
07/31/2012 🔍
04/15/2017 🔍
Sources
Vendor: symantec.comAdvisory: SYM12-012
Researcher: Nenad Stojanovski
Status: Confirmed
Confirmation: 🔍
Coordinated: 🔍
CVE: CVE-2012-0305 (🔍)
GCVE (CVE): GCVE-0-2012-0305
GCVE (VulDB): GCVE-100-5793
IAVM: 🔍
X-Force: 77107
SecurityFocus: 54594 - Symantec System Recovery CVE-2012-0305 DLL Loading Arbitrary Code Execution Vulnerability
Secunia: 50033 - Symantec Two Products Insecure Library Loading Vulnerability, Highly Critical
OSVDB: 84124
SecurityTracker: 1027290 - Symantec Backup Exec System Recovery and Symantec System Recovery DLL Loading Error Lets Remote Users Execute Arbitrary Code
Vulnerability Center: 35777 - Symantec System Recovery and Backup Exec System Recovery Local Privileges Escalation, High
Entry
Created: 07/31/2012 17:52Updated: 04/15/2017 16:09
Changes: 07/31/2012 17:52 (73), 04/15/2017 16:09 (12)
Complete: 🔍
Cache ID: 216::103
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
No comments yet. Languages: en.
Please log in to comment.