CVE-2008-4388

Symantec AppStream Client < 5.2.2 SP3 MP1 - Remote Code Execution via LaunchObj ActiveX Control

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2008-4388. PoCs published by Metasploit, MC, including Metasploit module exploits/windows/browser/symantec_appstream_unsafe.

AI-analyzed exploit summary This Metasploit module exploits a vulnerability in Symantec AppStream Client 5.x via the LaunchObj ActiveX control to download and execute arbitrary files. It uses an insecure method to achieve remote code execution in the context of the logged-on user.

Description

The LaunchObj ActiveX control before 5.2.2.865 in launcher.dll in Symantec AppStream Client 5.2.x before 5.2.2 SP3 MP1 does not properly validate downloaded files, which allows remote attackers to execute arbitrary code via the installAppMgr method and unspecified other methods.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16512

This Metasploit module exploits a vulnerability in Symantec AppStream Client 5.x via the LaunchObj ActiveX control to download and execute arbitrary files. It uses an insecure method to achieve remote code execution in the context of the logged-on user.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Symantec AppStream Client 5.x (launcher.dll 5.1.0.82)
No auth needed
Prerequisites: Target must have Symantec AppStream Client 5.x installed · Target must visit a malicious webpage hosting the exploit
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
by MC · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/symantec_appstream_unsafe.rb

This Metasploit module exploits a vulnerability in Symantec AppStream Client 5.x via the LaunchObj ActiveX control (launcher.dll 5.1.0.82). It leverages the insecure 'installAppMgr()' method to download and execute arbitrary files in the context of the logged-on user.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Symantec AppStream Client 5.x
No auth needed
Prerequisites: Victim must visit a malicious webpage hosting the exploit · ActiveX controls must be enabled in the victim's browser
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (4)

Core 4
Core References
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/194505
Patch, Vendor Advisory x_refsource_confirm
http://www.symantec.com/avcenter/security/Content/2009.01.15.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/33247
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1021609

Scores

EPSS 0.3772
EPSS Percentile 98.4%

Details

CWE
CWE-20
Status published
Products (1)
symantec/appstream_client 5.2
Published Jan 20, 2009
Tracked Since Feb 18, 2026