CERT-In Vulnerability Note CIVN-2009-18
Symantec ActiveX control LaunchObj vulnerability
Original Issue Date: January 29, 2009
Severity Rating: High
Systems Affected
- Symantec AppStream Client 5.2.x
Overview
A vulnerability has been reported in an ActiveX control in Symantec AppStream Client which could be exploited by an attacker to execute arbitrary code on the user's system.
Description
A vulnerability has been reported in an ActiveX control named LaunchObj, which is part of Symantec AppStream Client. The vulnerability exists because the ActiveX control fails to properly validate external inputs.
An attacker can exploit this vulnerability to download and execute arbitrary code on the client system, which may crash the browser or allow unauthorized access to add, modify, overwrite or corrupt existing files on the targeted system.
Solution
Product updates are available from the Symantec support site:
http://www.symantec.com/business/endpoint-virtualization-suite
Vendor Information
Symantec
http://www.symantec.com/avcenter/security/Content/2009.01.15.html
References
Symantec
http://www.symantec.com/avcenter/security/Content/2009.01.15.html
SecurityTracker
http://securitytracker.com/alerts/2009/Jan/1021609.html
Secunia
http://secunia.com/advisories/cve_reference/CVE-2008-4388/
CVE Name
CVE-2008-4388
Disclaimer
The information provided herein is on an "as is" basis, without warranty of any kind.
Contact Information

Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
