Authentication Flaw in Symantec AppStream and Workspace Streaming
CVE-2008-4389

Currently unrated

Key Information:

Vendor: Symantec
Status: Workspace Streaming
Vendor: CVE Published:; 17 June 2010

Summary

Symantec AppStream 5.2.x and Symantec Workspace Streaming (SWS) 6.1.x prior to version 6.1 SP4 suffer from an authentication flaw, which exposes users to significant security risks. This vulnerability allows remote Workspace Streaming servers and potential man-in-the-middle attackers to download and execute arbitrary executable files on client systems. The lack of proper authentication can be exploited through various unspecified vectors, potentially leading to unauthorized access and control over affected systems.

References

http://www.securityfocus.com/bid/40611

vdb-entryx_refsource_BID

http://www.vupen.com/english/advisories/2010/1511

vdb-entryx_refsource_VUPEN

http://www.kb.cert.org/vuls/id/221257

third-party-advisoryx_refsource_CERT-VN

Timeline

Vulnerability published
Jun 17, 2010
Vulnerability Reserved
Oct 2, 2008