Vulnerability CVE-2008-4388


Published: 2009-01-20   Modified: 2012-02-12

Description:
The LaunchObj ActiveX control before 5.2.2.865 in launcher.dll in Symantec AppStream Client 5.2.x before 5.2.2 SP3 MP1 does not properly validate downloaded files, which allows remote attackers to execute arbitrary code via the installAppMgr method and unspecified other methods.

Type:

CWE-20

(Improper Input Validation)

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
9.3/10
10/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Symantec -> Appstream client 

 References:
http://www.kb.cert.org/vuls/id/194505
http://www.symantec.com/avcenter/security/Content/2009.01.15.html
http://www.securityfocus.com/bid/33247
http://securitytracker.com/id?1021609

Copyright 2024, cxsecurity.com

 

Back to Top