Symantec Workspace Streaming Server Authentication Arbitrary File Download Vulnerability

Symantec Workspace Streaming (formerly Symantec AppStream) is prone to a vulnerability that can allow attackers to download and execute arbitrary files.

Successful exploits will allow malicious files to be downloaded and run with the privileges of the vulnerable application.

The following are vulnerable:

Symantec AppStream 5.2.x
Symantec Workspace Streaming 6.1.x prior to 6.1 SP4

Update (June 17, 2010): This issue may be exploited through a crafted web page which references a 'aswe://' URI; other vectors using the 'aswe' protocol handler may also exist.


Privacy Statement
Copyright 2010, SecurityFocus