Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

Symantec releases patch for application delivery program

Symantec is warning of a vulnerability in its AppStream product but has created a patch.

Symantec and the U.S. Computer Emergency Readiness Team are warning about a serious vulnerability within the company's AppStream product, used for steaming applications from a central server to thin-client desktops, though a patch has been released.

The product affected is AppStream version 5.2, which is part of the Symantec Endpoint Virtualization Suite formerly known as Software Virtualization Solution (SVS) Pro.

The problem lies in the LaunchObj ActiveX control, which fails to validate external input when called on by an unauthorized server. CERT wrote in a brief advisory on Friday that if a user can be convinced into viewing a specially crafted HTML (Hypertext Markup Language) document, a hacker could execute arbitrary code with the privileges of that user.

Symantec has created an update to fix the problem and advised administrators to apply it.

Both Symantec and CERT discovered the flaw, which Symantec rated as "high" severity. However, it appears that no exploits have been publicly released.

Symantec acquired AppStream in April 2008. Symantec had sold the AppStream software since 2006.

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: Appstream, AppStream, CERT, Symantec
References show all

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the CIO comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: AppStream, symantec
Latest Blog Posts
Whitepapers
  • Oracle Exadata Database Machine Warehouse Architectural Comparisons
    Exadata is Oracle’s fastest growing new product. Much of the growth of Exadata has come at the expense of specialized data warehouse appliance vendors. These vendors have published competitive comparisons to Exadata, claiming: Architecture is what really matters for performance, Purpose-built data warehousing architectures perform best, They see architecture as an end in itself rather than as a means to an end. Read on.
    Learn more »
  • Unified Monitoring™ A Business Perspective
    The enterprise computing landscape has changed dramatically. Virtualisation, outsourcing, SaaS, and cloud computing are creating fundamental changes, and ushering in an era in which enterprises distribute increasingly critical IT assets and applications across multiple service providers.This paper explores today’s computing trends and their monitoring implications in detail. In addition, it reveals how a new monitoring paradigm architecture, that uniquely addresses the monitoring realities of today’s and tomorrow’s enterprises—whether they rely on internal platforms, external service providers, or a combination of both.
    Learn more »
  • So Long, Silos: Why Multi-Domain MDM Is Better For Your Business
    Say “so long” to silos. This white paper explains why a multi-domain MDM solution is far better than single-domain, single-focused point solutions. You’ll learn what to look for in a multi-domain solution so you don’t outgrow it or are forced to purchase multiple products down the road. You’ll also get tips on how to select a multi-domain solution that can lead to multiple benefits over many years. The age of multi-domain MDM is here. See why you should say “hello” to it!
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.
Recent comments