Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:408A01B27C2CAEDB54B0C67A0B6A4BD6
HistoryMar 31, 2009 - 12:00 a.m.

Symantec AppStream Client LaunchObj ActiveX Control installAppMgr vulnerability

2009-03-3100:00:00
SAINT Corporation
download.saintcorporation.com
5

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.89

Percentile

98.8%

JSON

Added: 03/31/2009
CVE: CVE-2008-4388
BID: 33247
OSVDB: 51410

Background

Symantec AppStream is an application deployment framework.

Problem

The LaunchObj ActiveX control exposes the installAppMgr method, which can be used to download and execute arbitrary code. This could allow command execution when a user opens a specially crafted web page.

Resolution

Upgrade to Symantec AppStream Client 5.2.2 SP3 MP1 or set the kill bit for class ID {3356DB7C-58A7-11D4-AA5C-006097314BF8} as described in Microsoft article 240797.

References

<http://www.kb.cert.org/vuls/id/194505&gt;
<http://securityresponse.symantec.com/avcenter/security/Content/2009.01.15.html&gt;

Limitations

Exploit works on Symantec AppStream Client 5.2.1 and requires a user to open the exploit page in Internet Explorer.

Platforms

Windows

Related

d2 1
prion 1
nvd 1
cert 1
saint 3
packetstorm 1
exploitdb 1
seebug 1
metasploit 1
checkpoint_advisories 3
symantec 1
cvelist 1
cve 1
nessus 1
d2
d2
DSquare Exploit Pack: D2SEC_APPSTREAM
2009-01-20 16:30:00
prion
prion
Code injection
2009-01-20 16:30:00
nvd
nvd
CVE-2008-4388
2009-01-20 16:30:00
cert
cert
Symantec AppStream LaunchObj ActiveX control vulnerable to arbitrary code download and execution
2009-01-15 00:00:00
saint
saint
Symantec AppStream Client LaunchObj ActiveX Control installAppMgr vulnerability
2009-03-31 00:00:00
Symantec AppStream Client LaunchObj ActiveX Control installAppMgr vulnerability
2009-03-31 00:00:00
Symantec AppStream Client LaunchObj ActiveX Control installAppMgr vulnerability
2009-03-31 00:00:00
packetstorm
packetstorm
Symantec AppStream LaunchObj ActiveX Control Arbitrary File Download and Execute.
2009-11-26 00:00:00
exploitdb
exploitdb
Symantec AppStream LaunchObj - ActiveX Control Arbitrary File Download and Execute (Metasploit)
2010-11-24 00:00:00
seebug
seebug
Symantec AppStream客户端LaunchObj ActiveX控件任意文件下载漏洞
2009-01-16 00:00:00
metasploit
metasploit
Symantec AppStream LaunchObj ActiveX Control Arbitrary File Download and Execute
2009-01-18 02:19:26
checkpoint_advisories
checkpoint_advisories
Symantec AppStream Client LaunchObj ActiveX Control Code Execution (CVE-2008-4388)
2012-04-16 00:00:00
Symantec AppStream Client LaunchObj ActiveX Control (CVE-2008-4388)
2010-05-16 00:00:00
Update Protection against Symantec AppStream Client LaunchObj ActiveX Control Program Execution
2009-01-23 00:00:00
symantec
symantec
Symantec AppStream ActiveX Unauthorized Access
2009-01-15 08:00:00
cvelist
cvelist
CVE-2008-4388
2009-01-20 16:00:00
cve
cve
CVE-2008-4388
2009-01-20 16:30:00
nessus
nessus
Symantec AppStream Client LaunchObj ActiveX Control Multiple Unsafe Methods (SYM09-001)
2009-01-17 00:00:00

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.89

Percentile

98.8%

JSON
Related for SAINT:408A01B27C2CAEDB54B0C67A0B6A4BD6
d21prion1nvd1cert1saint3packetstorm1exploitdb1seebug1metasploit1checkpoint_advisories3symantec1cvelist1cve1nessus1