PT-2015-7036 · Symantec · Symantec Deployment Solution+1

Steven Seeley · Published 2015-09-03 · Updated 2016-12-22 · CVE-2015-5689

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Symantec Ghost Solutions Suite (GSS) versions prior to 3.0 HF2 12.0.0.8010
Symantec Deployment Solution (DS) versions prior to 7.6 HF4 12.0.0.7045

Description

The issue is related to improper sign-extend operations before array-element accesses in the ghostexp.exe component of Symantec Ghost Solutions Suite (GSS) and Symantec Deployment Solution (DS). This allows remote attackers to execute arbitrary code, cause a denial of service (application crash), or possibly obtain sensitive information via a crafted Ghost image.

Recommendations

For Symantec Ghost Solutions Suite (GSS) versions prior to 3.0 HF2 12.0.0.8010, update to version 3.0 HF2 12.0.0.8010 or later.
For Symantec Deployment Solution (DS) versions prior to 7.6 HF4 12.0.0.7045, update to version 7.6 HF4 12.0.0.7045 or later.
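
The defect class named in the description, sign extension of an untrusted byte before it is used as an array index, is shown here as an added C example next to a bounds-checked lookup. This is not code from ghostexp.exe or from Symantec; the table, the record bytes and all function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TABLE_LEN 128

/* Hypothetical lookup table indexed by a byte read from a parsed file. */
static const uint16_t table[TABLE_LEN] = { [0] = 1, [127] = 2 };

/* Constructed sample record: two in-range bytes, two with the high bit set. */
static const unsigned char sample[] = { 0x00, 0x7F, 0x80, 0xFF };

/* The defect class: the byte is held in a signed 8-bit type, so widening it
 * to int sign-extends and 0x80..0xFF become -128..-1. */
int index_sign_extended(const unsigned char *rec, size_t off)
{
    int8_t b = (int8_t)rec[off];   /* untrusted byte stored as signed */
    return (int)b;                 /* 0xFF -> -1, 0x80 -> -128 */
}

/* A check that tests only the upper bound accepts every negative index. */
int upper_bound_only_accepts(int idx)
{
    return idx < TABLE_LEN;
}

/* Hardened lookup: zero-extend the byte into an unsigned index and check
 * both the record offset and the table bound. Returns 0 on success. */
int lookup_checked(const unsigned char *rec, size_t len, size_t off,
                   uint16_t *out)
{
    if (rec == NULL || out == NULL || off >= len)
        return -1;
    size_t idx = rec[off];         /* unsigned char: always 0..255 */
    if (idx >= TABLE_LEN)
        return -1;
    *out = table[idx];
    return 0;
}

int main(void)
{
    for (size_t i = 0; i < sizeof sample; i++) {
        int idx = index_sign_extended(sample, i);
        uint16_t v = 0;
        printf("byte 0x%02X: signed index %d, weak check %s, hardened %s\n",
               sample[i], idx, upper_bound_only_accepts(idx) ? "passes" : "rejects",
               lookup_checked(sample, sizeof sample, i, &v) == 0 ? "accepts" : "rejects");
    }
    return 0;
}
```
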

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2015-5689
ZDI-15-419

Affected Products

Symantec Deployment Solution
Symantec Ghost Solution Suite