CyberSec.Space Logo
CVEブラウザに戻る

CVE-2015-5689

MEDIUM
6.8
CVSS Severity Score
EPSS Score0.0860%
EPSS Percentile16.32th
Published2015年9月20日
Last Modified2026年5月6日

Vulnerability Description

ghostexp.exe in Ghost Explorer Utility in Symantec Ghost Solutions Suite (GSS) before 3.0 HF2 12.0.0.8010 and Symantec Deployment Solution (DS) before 7.6 HF4 12.0.0.7045 performs improper sign-extend operations before array-element accesses, which allows remote attackers to execute arbitrary code, cause a denial of service (application crash), or possibly obtain sensitive information via a crafted Ghost image.

Affected Platforms (CPE)

📦
Symantec

Deployment Solution

= 6.9
📦
Symantec

Ghost Solutions Suite

= 1.0
📦
Symantec

Ghost Solutions Suite

= 1.1
📦
Symantec

Ghost Solutions Suite

= 1.1
📦
Symantec

Ghost Solutions Suite

= 2.0
📦
Symantec

Ghost Solutions Suite

= 2.0.1
📦
Symantec

Ghost Solutions Suite

= 2.0.2
📦
Symantec

Ghost Solutions Suite

= 2.1

References & Advisories

🔗 http://www.securityfocus.com/bid/76498
🔗 http://www.securitytracker.com/id/1033577
🔗 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150902_00
🔗 http://zerodayinitiative.com/advisories/ZDI-15-419/
🔗 http://www.securityfocus.com/bid/76498
🔗 http://www.securitytracker.com/id/1033577
🔗 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150902_00
🔗 http://zerodayinitiative.com/advisories/ZDI-15-419/

関連する脆弱性情報

CVE-2012-029010.0

Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris...

CVE-2004-262210.0

AClient.exe in Altiris Deployment Solution 6.x and 5.x does not require authentication from the first Deployment Server that it co...

CVE-2009-317910.0

Multiple unspecified vulnerabilities in Symantec Altiris Deployment Solution 6.9 might allow remote attackers to execute arbitrary...

CVE-2018-153879.8

A vulnerability in the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to bypass certificate validation on a...