CVE-2015-5689

Published Sep 20, 2015

Last updated 8 years ago

CVSS info 6.8

Overview

Description: ghostexp.exe in Ghost Explorer Utility in Symantec Ghost Solutions Suite (GSS) before 3.0 HF2 12.0.0.8010 and Symantec Deployment Solution (DS) before 7.6 HF4 12.0.0.7045 performs improper sign-extend operations before array-element accesses, which allows remote attackers to execute arbitrary code, cause a denial of service (application crash), or possibly obtain sensitive information via a crafted Ghost image.
Source: secure@symantec.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-119

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:symantec:deployment_solution:6.9:sp3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F3BE5757-329A-4D6D-A281-2CF8AF524D8E"
          },
          {
            "criteria": "cpe:2.3:a:symantec:ghost_solutions_suite:1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5CC78C2D-E376-40C9-A413-E7F1740F8CF1"
          },
          {
            "criteria": "cpe:2.3:a:symantec:ghost_solutions_suite:1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8A66AA7A-B410-45E8-8BB0-1F349BB30422"
          },
          {
            "criteria": "cpe:2.3:a:symantec:ghost_solutions_suite:1.1:p2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2A6A9D9C-86A7-46E9-92F4-E0B3BA13E17E"
          },
          {
            "criteria": "cpe:2.3:a:symantec:ghost_solutions_suite:2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "20F9D50A-80D2-4A4B-A01C-19788DD2DB9A"
          },
          {
            "criteria": "cpe:2.3:a:symantec:ghost_solutions_suite:2.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BFEA8748-EE69-4803-96B1-9359F45022C7"
          },
          {
            "criteria": "cpe:2.3:a:symantec:ghost_solutions_suite:2.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7AC11F79-EED1-43D8-9C8C-437976FCF0E2"
          },
          {
            "criteria": "cpe:2.3:a:symantec:ghost_solutions_suite:2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "021478CB-EBCD-4227-A29D-BC6480CB738C"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References