Update Protection against Symantec AppStream Client LaunchObj ActiveX Control Program Execution
| Check Point Reference: | CPAI-2009-023 | |
| Date Published: | ||
| Severity: | ||
| Source: | Secunia Advisory: SA33582 | |
| Industry Reference(s): | CVE-2008-4388 | |
| Protection Provided by: |
IPS-1
|
|
| Who is Vulnerable? Symantec AppStream Client 5.x | ||
| Vulnerability Description A remote code execution vulnerability was reported in Symantec AppStream Client. The AppStream Client is part of a Software Virtualization Solution (SVS) which allows streaming of virtual applications to users in an enterprise environment using the AppStream Server. The vulnerability is due to failure to properly validate whether the server to which the client connects is valid and authorized or not. Remote unauthenticated attackers can exploit this vulnerability by masquerading as a valid server and convincing a client to open a crafted HTML file. Successful exploitation will lead to arbitrary files being downloaded and executed within the context of the client. |
||
|
Vulnerability Details The vulnerability exists in the LaunchObj ActiveX Control. This vulnerability is due to a design weakness as a result of which any webserver can masquerade as a legitimate AppStream server and serve the AWEClientSetup.exe. An attacker can expolit this by enticing a target user to visit a malicious web page. Successful exploitation allows execution of arbitrary code. |
Protection Overview
By enabling this protection, IPS-1 will detect and block attempts to access the ActiveX LaunchObj controls for Symantec AppStream Client.
To configure the defense, select your product from the list below and follow the related protection steps.