Insecure Methods in Symantec Norton Ghost 14 ActiveX Control
CVE-2009-1517

Currently unrated

Key Information:

Vendor: Symantec
Status: Norton Ghost
Vendor: CVE Published:; 4 May 2009

Summary

The Symantec Norton Ghost 14 application contains multiple vulnerabilities in the EasySetup ActiveX control (EasySetupInt.dll 14.0.4.30167). These flaws allow remote attackers to exploit insecure methods, resulting in potential denial of service conditions through browser crashes. Attackers could also leverage certain inputs to methods such as GetBackupLocationPath, CallUninstall, SetupDeleteVolume, CanUseEasySetup, CallAddInitialProtection, and CallTour to execute arbitrary code. This vulnerability places users at risk, necessitating prompt action for remediation.

References

http://www.securitytracker.com/id?1022120

vdb-entryx_refsource_SECTRACK

http://www.shinnai.net/xplits/TXT_Gl6RHStS23c9DANArcJE.html

x_refsource_MISC

https://www.exploit-db.com/exploits/8523

exploitx_refsource_EXPLOIT-DB

EPSS Score

8% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
May 4, 2009
Vulnerability Reserved
May 4, 2009