Symantec Workspace Streaming < 7.5 SP1 XMLRPC Request Remote Code Execution (SYM14-009)
Critical Nessus Plugin ID 74153
SynopsisThe remote host has software installed that is affected by a remote code execution vulnerability.
DescriptionThe version of Symantec Workspace Streaming server (formerly known as Altiris Streaming System) installed on the remote Windows host is affected by a remote code execution vulnerability. This issue is caused by improper validation of HTTPS XMLRPC requests by the Management Agent (as_agent.exe) component. A remote, unauthenticated attacker could exploit this issue to execute arbitrary code.
SolutionUpgrade to 7.5 SP1 or higher.