Symantec Workspace Streaming < 7.5 SP1 XMLRPC Request Remote Code Execution (SYM14-009)

Critical Nessus Plugin ID 74153


Synopsis

The remote host has software installed that is affected by a remote code execution vulnerability.

Description

The version of Symantec Workspace Streaming server (formerly known as Altiris Streaming System) installed on the remote Windows host is affected by a remote code execution vulnerability. This issue is caused by improper validation of HTTPS XMLRPC requests by the Management Agent (as_agent.exe) component. A remote, unauthenticated attacker could exploit this issue to execute arbitrary code.

Solution

Upgrade to 7.5 SP1 or higher.

Plugin Details

Severity: Critical

ID: 74153

File Name: symantec_wss_sym14-009.nasl

Version: $Revision: 1.5 $

Type: local

Agent: windows

Family: Windows

Published: 2014/05/23

Modified: 2016/12/14

Dependencies: 74152

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:ND

Vulnerability Information

CPE: cpe:/a:symantec:workspace_streaming, cpe:/a:symantec:appstream

Required KB Items: SMB/symantec_workspace_streaming_server/Installed

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2014/05/10

Vulnerability Publication Date: 2014/05/12

Exploitable With

Core Impact

Metasploit (Symantec Workspace Streaming ManagementAgentServer.putFile XMLRPC Request Arbitrary File Upload)

Reference Information

CVE: CVE-2014-1649

BID: 67189

OSVDB: 106923