CVE-2009-1517 - Multiple insecure method vulnerabilities in the Symantec.EasySetup.1 ActiveX control in EasySetupInt

CVE-2009-1517

Summary

Multiple insecure method vulnerabilities in the Symantec.EasySetup.1 ActiveX control in EasySetupInt.dll 14.0.4.30167 in the EasySetup wizard in Symantec Norton Ghost 14.0 allow remote attackers to cause a denial of service (browser crash) and possibly execute arbitrary code via unspecified input to the (1) GetBackupLocationPath, (2) CallUninstall, (3) SetupDeleteVolume, (4) CanUseEasySetup, (5) CallAddInitialProtection, and (6) CallTour methods.

References

Vulnerable Configurations

cpe:2.3:a:symantec:norton_ghost:14.0:*:*:*:*:*:*:*
cpe:2.3:a:symantec:norton_ghost:14.0:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 14-02-2024 - 01:17)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:N/A:P

refmap via4

bid	34696
exploit-db	8523
misc	http://www.shinnai.net/xplits/TXT_Gl6RHStS23c9DANArcJE.html
sectrack	1022120
xf	nortonghost-easysetupint-dos(50098)

Last major update

14-02-2024 - 01:17

Published

04-05-2009 - 18:30

Last modified

14-02-2024 - 01:17