CyberSec.Space Logo
Back to CVE Browser

CVE-2015-5689

MEDIUM
6.8
CVSS Severity Score
EPSS Score0.0860%
EPSS Percentile16.32th
PublishedSep 20, 2015
Last ModifiedMay 6, 2026

Vulnerability Description

ghostexp.exe in Ghost Explorer Utility in Symantec Ghost Solutions Suite (GSS) before 3.0 HF2 12.0.0.8010 and Symantec Deployment Solution (DS) before 7.6 HF4 12.0.0.7045 performs improper sign-extend operations before array-element accesses, which allows remote attackers to execute arbitrary code, cause a denial of service (application crash), or possibly obtain sensitive information via a crafted Ghost image.

Affected Platforms (CPE)

πŸ“¦
Symantec

Deployment Solution

= 6.9
πŸ“¦
Symantec

Ghost Solutions Suite

= 1.0
πŸ“¦
Symantec

Ghost Solutions Suite

= 1.1
πŸ“¦
Symantec

Ghost Solutions Suite

= 1.1
πŸ“¦
Symantec

Ghost Solutions Suite

= 2.0
πŸ“¦
Symantec

Ghost Solutions Suite

= 2.0.1
πŸ“¦
Symantec

Ghost Solutions Suite

= 2.0.2
πŸ“¦
Symantec

Ghost Solutions Suite

= 2.1

References & Advisories

πŸ”— http://www.securityfocus.com/bid/76498
πŸ”— http://www.securitytracker.com/id/1033577
πŸ”— http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150902_00
πŸ”— http://zerodayinitiative.com/advisories/ZDI-15-419/
πŸ”— http://www.securityfocus.com/bid/76498
πŸ”— http://www.securitytracker.com/id/1033577
πŸ”— http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150902_00
πŸ”— http://zerodayinitiative.com/advisories/ZDI-15-419/

Related Vulnerabilities

CVE-2012-029010.0

Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris...

CVE-2004-262210.0

AClient.exe in Altiris Deployment Solution 6.x and 5.x does not require authentication from the first Deployment Server that it co...

CVE-2009-317910.0

Multiple unspecified vulnerabilities in Symantec Altiris Deployment Solution 6.9 might allow remote attackers to execute arbitrary...

CVE-2018-153879.8

A vulnerability in the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to bypass certificate validation on a...