// For flags

CVE-2008-4388

Symantec AppStream LaunchObj - ActiveX Control Arbitrary File Download and Execute

Severity Score

9.3
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The LaunchObj ActiveX control before 5.2.2.865 in launcher.dll in Symantec AppStream Client 5.2.x before 5.2.2 SP3 MP1 does not properly validate downloaded files, which allows remote attackers to execute arbitrary code via the installAppMgr method and unspecified other methods.

El control LaunchObj ActiveX anterior a v5.2.2.865 en launcher.dll en Symantec AppStream Client v5.2.x anteriores a v5.2.2 SP3 MP1 no valida adecuadamente los ficheros descargados, lo que permite a atacantes remotos ejecutar código de su elección a través del método "installAppMgr" y otros métodos sin especificar.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2008-10-02 CVE Reserved
  • 2009-01-20 CVE Published
  • 2010-11-24 First Exploit
  • 2024-09-16 CVE Updated
  • 2024-11-16 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-20: Improper Input Validation
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Symantec
Search vendor "Symantec"
 Appstream Client
Search vendor "Symantec" for product "Appstream Client"
 5.2
Search vendor "Symantec" for product "Appstream Client" and version "5.2"
-
Affected