CVSS2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS Percentile: 98.8%
Added: 03/31/2009
CVE: CVE-2008-4388
BID: 33247
OSVDB: 51410
Symantec AppStream is an application deployment framework.
The LaunchObj ActiveX control exposes the installAppMgr method, which can be used to download and execute arbitrary code. This could allow command execution when a user opens a specially crafted web page.
Upgrade to Symantec AppStream Client 5.2.2 SP3 MP1 or set the kill bit for class ID {3356DB7C-58A7-11D4-AA5C-006097314BF8} as described in Microsoft article 240797.
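The kill-bit mitigation above can be audited and applied with a short script. This is an added example, not part of the original advisory or of Symantec's or Microsoft's guidance text. It assumes the standard Internet Explorer kill-bit location (the `ActiveX Compatibility` key with a `Compatibility Flags` DWORD of 0x400), an elevated PowerShell session, and a hypothetical `-Apply` switch chosen for this example.

```powershell
# Added example: report, and optionally set, the IE kill bit for the LaunchObj control.
# The CLSID comes from the advisory; the registry path and the 0x400 flag are the
# standard kill-bit mechanism referenced by Microsoft article 240797.
param([switch]$Apply)   # hypothetical switch: without -Apply the script only reports

$Clsid     = '{3356DB7C-58A7-11D4-AA5C-006097314BF8}'
$KillBit   = 0x00000400
$ValueName = 'Compatibility Flags'
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    # 32-bit Internet Explorer on 64-bit Windows reads this view instead
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Get-CompatFlags([string]$KeyPath) {
    # Returns the current flags, or $null when the key or the value is absent.
    $item = Get-ItemProperty -LiteralPath $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$ValueName
}

foreach ($root in $Roots) {
    # Skip views that do not exist (no WOW6432Node on 32-bit Windows).
    if (-not (Test-Path -LiteralPath $root)) { continue }

    $key   = Join-Path $root $Clsid
    $flags = Get-CompatFlags $key
    $isSet = ($null -ne $flags) -and (($flags -band $KillBit) -ne 0)

    if (-not $isSet -and $Apply) {
        if (-not (Test-Path -LiteralPath $key)) {
            New-Item -Path $key -Force | Out-Null
        }
        # Preserve any flags already present and OR in the kill bit.
        $new = if ($null -eq $flags) { $KillBit } else { $flags -bor $KillBit }
        New-ItemProperty -LiteralPath $key -Name $ValueName -PropertyType DWord -Value $new -Force | Out-Null

        # Re-read the value so the report reflects what is actually in the registry.
        $flags = Get-CompatFlags $key
        $isSet = ($null -ne $flags) -and (($flags -band $KillBit) -ne 0)
    }

    $shown = if ($null -eq $flags) { 'absent' } else { '0x{0:X8}' -f $flags }
    '{0}: flags={1} killbit={2}' -f $key, $shown, $isSet
}
```

Run it without arguments to audit a host; a line ending in `killbit=False` means Internet Explorer will still instantiate the control from that registry view.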
<http://www.kb.cert.org/vuls/id/194505>
<http://securityresponse.symantec.com/avcenter/security/Content/2009.01.15.html>
Exploit works on Symantec AppStream Client 5.2.1 and requires a user to open the exploit page in Internet Explorer.
Windows