The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of GSS

computer vulnerability note CVE-2016-6590

Symantec Ghost Solution Suite: code execution via DLL Loading

Synthesis of the vulnerability

An attacker can use a vulnerability via DLL Loading of Symantec Ghost Solution Suite, in order to run code.
Impacted products: Ghost Solution Suite.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: intranet server.
Creation date: 16/11/2016.
Identifiers: CERTFR-2016-AVI-380, CVE-2016-6590, SYM16-020, VIGILANCE-VUL-21139.

Description of the vulnerability

An attacker can use a vulnerability via DLL Loading of Symantec Ghost Solution Suite, in order to run code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2015-5689

Symantec Ghost Explorer: information disclosure

Synthesis of the vulnerability

An attacker can use a vulnerability of Symantec Ghost Explorer, in order to obtain sensitive information.
Impacted products: Ghost Solution Suite.
Severity: 2/4.
Consequences: data reading, denial of service on service.
Provenance: user account.
Creation date: 03/09/2015.
Identifiers: BID-76498, CVE-2015-5689, SYM15-008, VIGILANCE-VUL-17807, ZDI-15-419.

Description of the vulnerability

The Symantec Ghost Explorer product contains the Ghost Explorer (ghostexp.exe) tool.

However, an attacker can force an overflow of an array index, which leads to a denial of service, or to information disclosure coming from the memory.

An attacker can therefore use a vulnerability of Symantec Ghost Explorer, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2012-0306

Symantec Ghost Solution Suite: memory corruption via backup

Synthesis of the vulnerability

An attacker can create a malicious backup file, which corrupts the memory when it is opened by Symantec Ghost Solution Suite, in order to execute code.
Impacted products: Ghost Solution Suite.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights.
Provenance: document.
Creation date: 11/10/2012.
Identifiers: BID-55748, CERTA-2012-AVI-570, CVE-2012-0306, MSVR12-018, SYM12-016, VIGILANCE-VUL-12065.

Description of the vulnerability

The Symantec Ghost Solution Suite product creates and restores data images.

However, if the backup file is malformed, the memory of Symantec Ghost Solution Suite is corrupted.

An attacker can therefore create a malicious backup file, which corrupts the memory when it is opened by Symantec Ghost Solution Suite, in order to execute code.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about GSS: