CVE-2008-4388

Published Jan 20, 2009

Last updated 15 years ago

Overview

Description: The LaunchObj ActiveX control before 5.2.2.865 in launcher.dll in Symantec AppStream Client 5.2.x before 5.2.2 SP3 MP1 does not properly validate downloaded files, which allows remote attackers to execute arbitrary code via the installAppMgr method and unspecified other methods.
Source: cret@cert.org
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 9.3
Impact score: 10
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-20

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:symantec:appstream_client:5.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1BF0C85D-399C-4EDE-B722-18D53A08C77E"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References