Lucene search

[email protected]CVE-2008-4388

HistoryJan 20, 2009 - 4:30 p.m.

CVE-2008-4388

2009-01-2016:30:00

CWE-20

[email protected]

web.nvd.nist.gov

118

cve-2008-4388

symantec

appstream client

remote code execution

activex

security vulnerability

7.5 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.937 High

EPSS

Percentile

99.1%

JSON

The LaunchObj ActiveX control before 5.2.2.865 in launcher.dll in Symantec AppStream Client 5.2.x before 5.2.2 SP3 MP1 does not properly validate downloaded files, which allows remote attackers to execute arbitrary code via the installAppMgr method and unspecified other methods.

CPENameOperatorVersion
symantec:appstream_clientsymantec appstream clienteq5.2

CPE	Name	Operator	Version
symantec:appstream_client	symantec appstream client	eq	5.2

References

securitytracker.com/id?1021609

www.kb.cert.org/vuls/id/194505

www.securityfocus.com/bid/33247

www.symantec.com/avcenter/security/Content/2009.01.15.html

7.5 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.937 High

EPSS

Percentile

99.1%

JSON

Related for CVE-2008-4388

saint4 seebug1 d21 prion1 packetstorm1 cert1 symantec1 nessus1 cvelist1 checkpoint_advisories3