Vulnerability Details : CVE-2008-4388
Public exploit exists!
The LaunchObj ActiveX control before 5.2.2.865 in launcher.dll in Symantec AppStream Client 5.2.x before 5.2.2 SP3 MP1 does not properly validate downloaded files, which allows remote attackers to execute arbitrary code via the installAppMgr method and unspecified other methods.
Vulnerability category: Input validation, Execute code
Products affected by CVE-2008-4388
- cpe:2.3:a:symantec:appstream_client:5.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2008-4388
89.00%
Probability of exploitation activity in the next 30 days
~ 99 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2008-4388
- Symantec AppStream LaunchObj ActiveX Control Arbitrary File Download and Execute
  Disclosure Date: 2009-01-15
  First seen: 2020-04-26
  exploit/windows/browser/symantec_appstream_unsafe
  This module exploits a vulnerability in Symantec AppStream Client 5.x. The vulnerability is in the LaunchObj ActiveX control (launcher.dll 5.1.0.82) containing the "installAppMgr()" method. The insecure method can be exploited to download and execute arbitrary files in the
CVSS scores for CVE-2008-4388
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST | |
CWE ids for CVE-2008-4388
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-4388
- http://www.securityfocus.com/bid/33247
- http://www.kb.cert.org/vuls/id/194505 (US Government Resource)
- http://securitytracker.com/id?1021609
- http://www.symantec.com/avcenter/security/Content/2009.01.15.html (Patch; Vendor Advisory)