Symantec AppStream LaunchObj - ActiveX Control Arbitrary File Download and Execute (Metasploit)

$Id: symantecappstreamunsafe.rb 11127 2010-11-24 19:35:38Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

Symantec AppStream LaunchObj ActiveX Control Arbitrary File Download and Execute.

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Symantec AppStrea...

Symantec AppStream Client LaunchObj ActiveX Control installAppMgr vulnerability

Added: 03/31/2009 CVE: CVE-2008-4388 BID: 33247 OSVDB: 51410 Background Symantec AppStream is an application deployment framework. Problem The LaunchObj ActiveX control exposes the installAppMgr method, which can be used to download and execute arbitrary code. This could allow command execution...

Code injection

The LaunchObj ActiveX control before 5.2.2.865 in launcher.dll in Symantec AppStream Client 5.2.x before 5.2.2 SP3 MP1 does not properly validate downloaded files, which allows remote attackers to execute arbitrary code via the installAppMgr method and unspecified other methods...

Symantec AppStream客户端LaunchObj ActiveX控件任意文件下载漏洞

BUGTRAQ ID: 33247 CVECAN ID: CVE-2008-4388 Symantec AppStream是Windows的应用程序部署框架。 AppStream Windows客户端所提供的LaunchObj ActiveX控件没有安全地调用installAppMgr方式，如果用户受骗访问了恶意网页并对该方式传送了特制参数的话，就会导致向用户系统下载并执行任意代码。 Symantec AppStream Client 5.2 临时解决方法： 在IE中禁用LaunchObj ActiveX控件，为以下CLSID设置kill bit：...