Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-1517

4 documents4 sources
Severity
4.3MEDIUM
EPSS
6.7%
top 8.73%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Symantec Norton Ghost
Timeline
PublishedMay 4
Latest updateMay 2

Description

Multiple insecure method vulnerabilities in the Symantec.EasySetup.1 ActiveX control in EasySetupInt.dll 14.0.4.30167 in the EasySetup wizard in Symantec Norton Ghost 14.0 allow remote attackers to cause a denial of service (browser crash) and possibly execute arbitrary code via unspecified input to the (1) GetBackupLocationPath, (2) CallUninstall, (3) SetupDeleteVolume, (4) CanUseEasySetup, (5) CallAddInitialProtection, and (6) CallTour methods.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-rx4v-23fq-74x8: Multiple insecure method vulnerabilities in the Symantec2022-05-02
CVEList
CVE-2009-1517: Multiple insecure method vulnerabilities in the Symantec2009-05-04

💥Exploits & PoCs

1
Exploit-DB
Norton Ghost Support module for EasySetup wizard - Remote Denial of Service (PoC)2009-04-23
CVE-2009-1517 (MEDIUM CVSS 4.3) | Multiple insecure method vulnerabil | cvebase.io