Lucene search
Andrea Micalizzi (rgod)ZDI-14-127HistoryMay 13, 2014 - 12:00 a.m.
Symantec Workspace Streaming Agent XMLRPC Request putFile Method Remote Code Execution Vulnerability
2014-05-1300:00:00
Andrea Micalizzi (rgod)
www.zerodayinitiative.com
23
EPSS
0.974
Percentile
99.9%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Workspace Streaming. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SWS Agent (as_agent.exe) component. By sending a crafted XMLRPC request to this component, an attacker is able to overwrite configuration files for the Workspace Streaming server. An attacker can exploit this vulnerability to execute arbitrary code as SYSTEM.
Related
nessus
nessus
packetstorm
packetstorm
Symantec Workspace Streaming Arbitrary File Upload
2014-05-20 00:00:00
checkpoint_advisories
checkpoint_advisories
prion
prion
Design/Logic Flaw
2014-05-16 11:12:00
openvas
openvas
Symantec Workspace Streaming Information Disclosure Vulnerability
2016-07-18 00:00:00
cvelist
cvelist
CVE-2014-1649
2014-05-16 10:00:00
zdt
zdt
Symantec Workspace Streaming Arbitrary File Upload Exploit
2014-05-21 00:00:00
exploitdb
exploitdb
Symantec Workspace Streaming - Arbitrary File Upload (Metasploit)
2014-05-26 00:00:00
cve
cve
CVE-2014-1649
2014-05-16 11:12:00
symantec
symantec
Symantec Workspace Streaming XMLRPC Unauthenticated Access
2014-05-12 08:00:00
metasploit
metasploit
nvd
nvd
CVE-2014-1649
2014-05-16 11:12:00