Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-4388

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2008-4388
Last Modified 18 May 2009 12:00:00
Published 20 Jan 2009 11:30:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-4388

Summary

The LaunchObj ActiveX control before 5.2.2.865 in launcher.dll in Symantec AppStream Client 5.2.x before 5.2.2 SP3 MP1 does not properly validate downloaded files, which allows remote attackers to execute arbitrary code via the installAppMgr method and unspecified other methods.

Vulnerable Systems

Application

  • Symantec Appstream Client 5.2


References

CERT-VN - VU#194505

CONFIRM - http://www.symantec.com/avcenter/security/Content/2009.01.15.html

BID - 33247

SECTRACK - 1021609


Last Updated: 27 May 2016 10:48:28