CVE-2008-4388

{"id": "CVE-2008-4388", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2009-01-20T16:30:00.313", "references": [{"url": "http://securitytracker.com/id?1021609", "source": "cret@cert.org"}, {"url": "http://www.kb.cert.org/vuls/id/194505", "tags": ["US Government Resource"], "source": "cret@cert.org"}, {"url": "http://www.securityfocus.com/bid/33247", "source": "cret@cert.org"}, {"url": "http://www.symantec.com/avcenter/security/Content/2009.01.15.html", "tags": ["Patch", "Vendor Advisory"], "source": "cret@cert.org"}, {"url": "http://securitytracker.com/id?1021609", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.kb.cert.org/vuls/id/194505", "tags": ["US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/33247", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.symantec.com/avcenter/security/Content/2009.01.15.html", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "The LaunchObj ActiveX control before 5.2.2.865 in launcher.dll in Symantec AppStream Client 5.2.x before 5.2.2 SP3 MP1 does not properly validate downloaded files, which allows remote attackers to execute arbitrary code via the installAppMgr method and unspecified other methods."}, {"lang": "es", "value": "El control LaunchObj ActiveX anterior a v5.2.2.865 en launcher.dll en Symantec AppStream Client v5.2.x anteriores a v5.2.2 SP3 MP1 no valida adecuadamente los ficheros descargados, lo que permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s del m\u00e9todo \"installAppMgr\" y otros m\u00e9todos sin especificar."}], "lastModified": "2024-11-21T00:51:33.800", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:symantec:appstream_client:5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1BF0C85D-399C-4EDE-B722-18D53A08C77E"}], "operator": "OR"}]}], "sourceIdentifier": "cret@cert.org"}