14 matches found
CVE-2008-4388
The LaunchObj ActiveX control before 5.2.2.865 in launcher.dll in Symantec AppStream Client 5.2.x before 5.2.2 SP3 MP1 does not properly validate downloaded files, which allows remote attackers to execute arbitrary code via the installAppMgr method and unspecified other methods...
Symantec AppStream LaunchObj ActiveX Control Arbitrary File Download and Execute
No description provided by source. $Id: symantecappstreamunsafe.rb 11127 2010-11-24 19:35:38Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and...
Symantec AppStream Client LaunchObj ActiveX Control Code Execution (CVE-2008-4388)
A remote code execution vulnerability has been reported in Symantec AppStream Client...
Symantec AppStream LaunchObj - ActiveX Control Arbitrary File Download and Execute (Metasploit)
$Id: symantecappstreamunsafe.rb 11127 2010-11-24 19:35:38Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
Symantec AppStream Client LaunchObj ActiveX Control installAppMgr vulnerability
Added: 03/31/2009 CVE: CVE-2008-4388 BID: 33247 OSVDB: 51410 Background Symantec AppStream is an application deployment framework. Problem The LaunchObj ActiveX control exposes the installAppMgr method, which can be used to download and execute arbitrary code. This could allow command execution...
Symantec AppStream Client LaunchObj ActiveX Control installAppMgr vulnerability
Added: 03/31/2009 CVE: CVE-2008-4388 BID: 33247 OSVDB: 51410 Background Symantec AppStream is an application deployment framework. Problem The LaunchObj ActiveX control exposes the installAppMgr method, which can be used to download and execute arbitrary code. This could allow command execution...
Symantec AppStream Client LaunchObj ActiveX Control installAppMgr vulnerability
Added: 03/31/2009 CVE: CVE-2008-4388 BID: 33247 OSVDB: 51410 Background Symantec AppStream is an application deployment framework. Problem The LaunchObj ActiveX control exposes the installAppMgr method, which can be used to download and execute arbitrary code. This could allow command execution...
Symantec AppStream Client LaunchObj ActiveX Control installAppMgr vulnerability
Added: 03/31/2009 CVE: CVE-2008-4388 BID: 33247 OSVDB: 51410 Background Symantec AppStream is an application deployment framework. Problem The LaunchObj ActiveX control exposes the installAppMgr method, which can be used to download and execute arbitrary code. This could allow command execution...
DSquare Exploit Pack: D2SEC_APPSTREAM
Name| d2secappstream ---|--- CVE| CVE-2008-4388 Exploit Pack| D2ExploitPack Description| Symantec AppStream Client LaunchObj ActiveX Arbitrary Code Execution Vulnerability Notes|...
Code injection
The LaunchObj ActiveX control before 5.2.2.865 in launcher.dll in Symantec AppStream Client 5.2.x before 5.2.2 SP3 MP1 does not properly validate downloaded files, which allows remote attackers to execute arbitrary code via the installAppMgr method and unspecified other methods...
CVE-2008-4388
The LaunchObj ActiveX control before 5.2.2.865 in launcher.dll in Symantec AppStream Client 5.2.x before 5.2.2 SP3 MP1 does not properly validate downloaded files, which allows remote attackers to execute arbitrary code via the installAppMgr method and unspecified other methods...
CVE-2008-4388
The LaunchObj ActiveX control before 5.2.2.865 in launcher.dll in Symantec AppStream Client 5.2.x before 5.2.2 SP3 MP1 does not properly validate downloaded files, which allows remote attackers to execute arbitrary code via the installAppMgr method and unspecified other methods...
Symantec AppStream Client LaunchObj ActiveX Control Multiple Unsafe Methods (SYM09-001)
The version of the LaunchObj ActiveX control, a component included with Symantec AppStream Client / Altiris Streaming Agent and installed on the remote Windows host, reportedly contains a number of unsafe methods, such as 'installAppMgr', that can be used to download and execute arbitrary code. I...
Symantec AppStream客户端LaunchObj ActiveX控件任意文件下载漏洞
BUGTRAQ ID: 33247 CVECAN ID: CVE-2008-4388 Symantec AppStream是Windows的应用程序部署框架。 AppStream Windows客户端所提供的LaunchObj ActiveX控件没有安全地调用installAppMgr方式,如果用户受骗访问了恶意网页并对该方式传送了特制参数的话,就会导致向用户系统下载并执行任意代码。 Symantec AppStream Client 5.2 临时解决方法: 在IE中禁用LaunchObj ActiveX控件,为以下CLSID设置kill bit:...