CVE-2009-1517

Multiple insecure method vulnerabilities in the Symantec.EasySetup.1 ActiveX control in EasySetupInt.dll 14.0.4.30167 in the EasySetup wizard in Symantec Norton Ghost 14.0 allow remote attackers to cause a denial of service (browser crash) and possibly execute arbitrary code via unspecified input to the (1) GetBackupLocationPath, (2) CallUninstall, (3) SetupDeleteVolume, (4) CanUseEasySetup, (5) CallAddInitialProtection, and (6) CallTour methods.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 91%
VendorProductVersion
symantecnorton_ghost
14.0
𝑥
= Vulnerable software versions
References
http://www.securityfocus.com/bid/34696
http://www.securitytracker.com/id?1022120
http://www.shinnai.net/xplits/TXT_Gl6RHStS23c9DANArcJE.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/50098
https://www.exploit-db.com/exploits/8523
http://www.securityfocus.com/bid/34696
http://www.securitytracker.com/id?1022120
http://www.shinnai.net/xplits/TXT_Gl6RHStS23c9DANArcJE.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/50098
https://www.exploit-db.com/exploits/8523