Symantec AppStream Client LaunchObj ActiveX Control installAppMgr vulnerability

2009-03-31T00:00:00
ID SAINT:FFB17F81E1CDAF2EAB8F643AD1E095CE
Type saint
Reporter SAINT Corporation
Modified 2009-03-31T00:00:00

Description

Added: 03/31/2009
CVE: CVE-2008-4388
BID: 33247
OSVDB: 51410

Background

Symantec AppStream is an application deployment framework.

Problem

The LaunchObj ActiveX control exposes the installAppMgr method, which can be used to download and execute arbitrary code. This could allow command execution when a user opens a specially crafted web page.

Resolution

Upgrade to Symantec AppStream Client 5.2.2 SP3 MP1 or set the kill bit for class ID {3356DB7C-58A7-11D4-AA5C-006097314BF8} as described in Microsoft article 240797.

References

<http://www.kb.cert.org/vuls/id/194505>
<http://securityresponse.symantec.com/avcenter/security/Content/2009.01.15.html>

Limitations

Exploit works on Symantec AppStream Client 5.2.1 and requires a user to open the exploit page in Internet Explorer.

Platforms

Windows