The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Symantec GSS

computer vulnerability CVE-2012-0306

Symantec Ghost Solution Suite: memory corruption via backup

Synthesis of the vulnerability

An attacker can create a malicious backup file, which corrupts the memory when it is opened by Symantec Ghost Solution Suite, in order to execute code.
Impacted products: Ghost Solution Suite.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights.
Provenance: document.
Creation date: 11/10/2012.
Identifiers: BID-55748, CERTA-2012-AVI-570, CVE-2012-0306, MSVR12-018, SYM12-016, VIGILANCE-VUL-12065.

Description of the vulnerability

The Symantec Ghost Solution Suite product creates and restores data images.

However, if the backup file is malformed, the memory of Symantec Ghost Solution Suite is corrupted.

An attacker can therefore create a malicious backup file, which corrupts the memory when it is opened by Symantec Ghost Solution Suite, in order to execute code.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Symantec GSS: