Vulnerabilities > CVE-2009-1517 - Unspecified vulnerability in Symantec Norton Ghost 14.0
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN symantec
exploit available
Summary
Multiple insecure method vulnerabilities in the Symantec.EasySetup.1 ActiveX control in EasySetupInt.dll 14.0.4.30167 in the EasySetup wizard in Symantec Norton Ghost 14.0 allow remote attackers to cause a denial of service (browser crash) and possibly execute arbitrary code via unspecified input to the (1) GetBackupLocationPath, (2) CallUninstall, (3) SetupDeleteVolume, (4) CanUseEasySetup, (5) CallAddInitialProtection, and (6) CallTour methods.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | Norton Ghost Support module for EasySetup wizard Remote DoS PoC. CVE-2009-1517. Dos exploit for windows platform |
| file | exploits/windows/dos/8523.txt |
| id | EDB-ID:8523 |
| last seen | 2016-02-01 |
| modified | 2009-04-23 |
| platform | windows |
| port | |
| published | 2009-04-23 |
| reporter | shinnai |
| source | https://www.exploit-db.com/download/8523/ |
| title | Norton Ghost Support module for EasySetup wizard Remote DoS PoC |
| type | dos |
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 34696 CVE(CAN) ID: CVE-2009-1517 Symantec Norton Ghost是一个备份恢复系统,允许用户将系统恢复到之前的快照状态。 Norton Ghost的EasySetup安装向导的EasySetupInt.dll库提供了名为Symantec.EasySetup.1的ActiveX控件,该控件没有正确地验证对GetBackupLocationPath、CallUninstall、SetupDeleteVolume、 CanUseEasySetup、CallAddInitialProtection、CallTour等方式所传送的输入。如果用户受骗访问了恶意网页并向上述方式提供了超长输入参数的话,就可能导致拒绝服务。 Symantec Norton Ghost 14.0 临时解决方法: * 为clsid:7972D5BE-2213-4B28-884C-F8F82432EAA5设置kill-bit。 厂商补丁: Symantec -------- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: <a href=http://www.symantec.com/ target=_blank rel=external nofollow>http://www.symantec.com/</a> |
| id | SSV:11213 |
| last seen | 2017-11-19 |
| modified | 2009-05-06 |
| published | 2009-05-06 |
| reporter | Root |
| source | https://www.seebug.org/vuldb/ssvid-11213 |
| title | Symantec Norton Ghost Symantec.EasySetup.1 ActiveX控件拒绝服务漏洞 |