CVE-2016-6593 Symantec VIP Access Desktop Arbitrary DLL Execution Vulnerability (SYM16-023)

Symantec Validation and ID Protection (VIP) Access Desktop is a free online security credential that you can download to your computer desktop.

Symantec VIP Access Desktop does not verify the DLLs it loads from its startup path.

Affected Version:
Symantec VIP Access Desktop versions prior to 2.2.3

A local attacker could exploit this vulnerability to load malicious DLL in the context of logged in user.

The vendor has released a fix for this vulnerability. Refer to SYM16-016 for more information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

SYM16-023