CVE-2009-1517

Currently unrated

Key Information:

Vendor: Symantec
Status: Norton Ghost
Vendor: CVE Published:; 4 May 2009

Summary

Multiple insecure method vulnerabilities in the Symantec.EasySetup.1 ActiveX control in EasySetupInt.dll 14.0.4.30167 in the EasySetup wizard in Symantec Norton Ghost 14.0 allow remote attackers to cause a denial of service (browser crash) and possibly execute arbitrary code via unspecified input to the (1) GetBackupLocationPath, (2) CallUninstall, (3) SetupDeleteVolume, (4) CanUseEasySetup, (5) CallAddInitialProtection, and (6) CallTour methods.

References

http://www.securitytracker.com/id?1022120

vdb-entryx_refsource_SECTRACK

http://www.shinnai.net/xplits/TXT_Gl6RHStS23c9DANArcJE.html

x_refsource_MISC

https://www.exploit-db.com/exploits/8523

exploitx_refsource_EXPLOIT-DB

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
May 4, 2009
Vulnerability Reserved
May 4, 2009