Symantec Ghost Solution Suite Backup File Handling Memory Corruption (SYM12-016)
Medium Nessus Plugin ID 62716
SynopsisThe remote Windows host has an application installed that is affected by a memory corruption vulnerability.
DescriptionThe Symantec Ghost Solution Suite install on the remote Windows host is earlier than build 220.127.116.1120. As such, it is potentially affected by a memory corruption vulnerability when parsing specially crafted '.gho' files. By exploiting this flaw, a remote attacker could execute arbitrary code on the remote host subject to the privileges of the user running the affected application.
SolutionIf necessary, upgrade to Symantec Ghost Solution Suite version 2.5.1 and ensure that the install is build 18.104.22.1686 or above. Then apply patch GSS25x_b2620, which results in build 22.214.171.12420.