CVE-2008-4388

Published: Jan 20, 2009Modified: Apr 23, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

The LaunchObj ActiveX control before 5.2.2.865 in launcher.dll in Symantec AppStream Client 5.2.x before 5.2.2 SP3 MP1 does not properly validate downloaded files, which allows remote attackers to execute arbitrary code via the installAppMgr method and unspecified other methods.

Affected (1)

Products: Symantec: Appstream Client

1 product

Appstream Client

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Symantec Appstream Client	Version 5.2

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (8)

http://securitytracker.com/id?1021609

Source: cret@cert.org

http://www.kb.cert.org/vuls/id/194505

Source: cret@cert.org

US Government Resource

http://www.securityfocus.com/bid/33247

Source: cret@cert.org

http://www.symantec.com/avcenter/security/Content/2009.01.15.html

Source: cret@cert.org

PatchVendor Advisory

http://securitytracker.com/id?1021609

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.kb.cert.org/vuls/id/194505

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.securityfocus.com/bid/33247

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.symantec.com/avcenter/security/Content/2009.01.15.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.