Symantec AppStream Client LaunchObj ActiveX Control Multiple Unsafe Methods (SYM09-001)

high Nessus Plugin ID 35403

Synopsis

The remote Windows host has an ActiveX control that can be used to download and execute arbitrary code.

Description

The version of the LaunchObj ActiveX control installed on the remote Windows host, a component included with Symantec AppStream Client / Altiris Streaming Agent, reportedly contains a number of unsafe methods, such as 'installAppMgr()', that can be used to download and execute arbitrary code. If an attacker can trick a user on the affected host into viewing a specially crafted HTML document, they can leverage these issues to execute arbitrary code on the affected system with the privileges of that user.

Solution

Upgrade to Symantec AppStream Client 5.2.2 SP3 MP1 or later and verify that the version of the control is 5.2.2.865 or later.

See Also

http://www.symantec.com/avcenter/security/Content/2009.01.15.html

Plugin Details

Severity: High

ID: 35403

File Name: appstream_launchobj_activex_sym09_001.nasl

Version: 1.14

Type: local

Agent: windows

Family: Windows

Published: 1/17/2009

Updated: 6/27/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Exploitable With

CANVAS (D2ExploitPack)

Core Impact

Metasploit (Symantec AppStream LaunchObj ActiveX Control Arbitrary File Download and Execute)

Reference Information

CVE: CVE-2008-4388

BID: 33247

CWE: 20

CERT: 194505

Secunia: 33582