What is CVE-2008-4388?

CVE-2008-4388 is a vulnerability in N/a. Published 2009-01-20.

Is CVE-2008-4388 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2008-4388

The LaunchObj ActiveX control before 5.2.2.865 in launcher.dll in Symantec AppStream Client 5.2.x before 5.2.2 SP3 MP1 does not properly validate downloaded files, which allows remote attackers to execute arbitrary code via the installAppM…

EPSS: 0.634 (98.4th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

rapid7/metasploit-framework

References

VU#194505 (x_refsource_CERT-VN, third-party-advisory)
www.symantec.com/avcenter/security/Content/2009.01.15.html (x_refsource_CONFIRM)
33247 (vdb-entry, x_refsource_BID)
1021609 (vdb-entry, x_refsource_SECTRACK)

Frequently asked questions

What is CVE-2008-4388?: CVE-2008-4388 is a vulnerability in N/a. Published 2009-01-20.
Is CVE-2008-4388 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.