Improper Sign-Extend Operations in Symantec Ghost Solutions Suite and Deployment Solution
CVE-2015-5689

Currently unrated

Key Information:

Vendor: Symantec
Status: Ghost Solutions Suite; Deployment Solution
Vendor: CVE Published:; 20 September 2015

Summary

The Ghost Explorer Utility within Symantec Ghost Solutions Suite and Deployment Solution is vulnerable due to improper sign-extend operations performed before accessing array elements. This flaw could be exploited by remote attackers to execute arbitrary code, leading to potential denial of service or the unauthorized disclosure of sensitive information via a specially crafted Ghost image.

References

http://zerodayinitiative.com/advisories/ZDI-15-419/

x_refsource_MISC

http://www.securitytracker.com/id/1033577

vdb-entryx_refsource_SECTRACK

http://www.symantec.com/security_response/securityupdates...

x_refsource_CONFIRM

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Sep 20, 2015
Vulnerability Reserved
Jul 28, 2015