Symantec Workspace Streaming Server Authentication Arbitrary File Download Vulnerability
Symantec Workspace Streaming (formerly Symantec AppStream) is prone to a vulnerability that can allow attackers to download and execute arbitrary files.
Successful exploits will allow malicious files to be downloaded and run with the privileges of the vulnerable application.
The following are vulnerable:
Symantec AppStream 5.2.x
Symantec Workspace Streaming 6.1.x prior to 6.1 SP4
Update (June 17, 2010): This issue may be exploited through a crafted web page which references a 'aswe://' URI; other vectors using the 'aswe' protocol handler may also exist.