Description
Multiple insecure method vulnerabilities in the Symantec.EasySetup.1 ActiveX control in EasySetupInt.dll 14.0.4.30167 in the EasySetup wizard in Symantec Norton Ghost 14.0 allow remote attackers to cause a denial of service (browser crash) and possibly execute arbitrary code via unspecified input to the (1) GetBackupLocationPath, (2) CallUninstall, (3) SetupDeleteVolume, (4) CanUseEasySetup, (5) CallAddInitialProtection, and (6) CallTour methods.
Exploits (1)
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1022120
Exploit, URL Repurposed x_refsource_misc
http://www.shinnai.net/xplits/TXT_Gl6RHStS23c9DANArcJE.html
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/8523
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/50098
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/34696
Scores
EPSS
0.0672
EPSS Percentile
91.3%
Details
Status
published
Products (1)
symantec/norton_ghost
14.0
Published
May 04, 2009
Tracked Since
Feb 18, 2026