CVE-2008-4388

The LaunchObj ActiveX control before 5.2.2.865 in launcher.dll in Symantec AppStream Client 5.2.x before 5.2.2 SP3 MP1 does not properly validate downloaded files, which allows remote attackers to execute arbitrary code via the installAppMgr method and unspecified other methods...

Symantec AppStream LaunchObj ActiveX Control Arbitrary File Download and Execute

No description provided by source. $Id: symantecappstreamunsafe.rb 11127 2010-11-24 19:35:38Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and...

Symantec AppStream Client LaunchObj ActiveX Control Code Execution (CVE-2008-4388)

A remote code execution vulnerability has been reported in Symantec AppStream Client...

Symantec AppStream Client LaunchObj ActiveX Control (CVE-2008-4388)

The AppStream Client is part of a Software Virtualization Solution SVS which allows streaming of virtual applications to users in an enterprise environment using the AppStream Server. It provides centralized delivery and licensing mechanism which allows controlled access to any Windows Applicatio...

Symantec AppStream Client LaunchObj ActiveX Control installAppMgr vulnerability

Added: 03/31/2009 CVE: CVE-2008-4388 BID: 33247 OSVDB: 51410 Background Symantec AppStream is an application deployment framework. Problem The LaunchObj ActiveX control exposes the installAppMgr method, which can be used to download and execute arbitrary code. This could allow command execution...

Code injection

The LaunchObj ActiveX control before 5.2.2.865 in launcher.dll in Symantec AppStream Client 5.2.x before 5.2.2 SP3 MP1 does not properly validate downloaded files, which allows remote attackers to execute arbitrary code via the installAppMgr method and unspecified other methods...

CVE-2008-4388

The LaunchObj ActiveX control before 5.2.2.865 in launcher.dll in Symantec AppStream Client 5.2.x before 5.2.2 SP3 MP1 does not properly validate downloaded files, which allows remote attackers to execute arbitrary code via the installAppMgr method and unspecified other methods...

CVE-2008-4388

CVE-2008-4388 affects Symantec AppStream Client 5.x with the LaunchObj ActiveX control (launcher.dll) prior to 5.2.2 SP3 MP1. The issue arises in the installAppMgr() method (and unspecified other methods), where downloaded files are not properly validated, enabling remote code execution via a cra...

Symantec AppStream Client LaunchObj ActiveX Control Multiple Unsafe Methods (SYM09-001)

The version of the LaunchObj ActiveX control, a component included with Symantec AppStream Client / Altiris Streaming Agent and installed on the remote Windows host, reportedly contains a number of unsafe methods, such as 'installAppMgr', that can be used to download and execute arbitrary code. I...