Vulnerability Note VU#221257

Symantec AppStream and Workspace Streaming vulnerable to arbitrary code download and execution

Original Release date: 17 Jun 2010 | Last revised: 18 Jun 2010


The Symantec AppStream and Workspace Streaming clients fail to properly validate downloads, which can allow a remote, unauthenticated attacker to download and execute arbitrary code on a vulnerable system.


Symantec Workspace Streaming is a software distribution solution that "streams" applications to client desktops. Older versions of the software are known as AppStream or Altiris Streaming System. The Symantec Workspace Streaming client is configured to handle the aswe protocol. By processing an aswe:// URI, the Symantec Workspace Streaming client will download and execute applications from the specified Workspace Streaming server. The Symantec Workspace Streaming client and prior variants fail to properly authenticate with the server component of the software.


By convincing a user to view a specially crafted HTML document (e.g., a webpage or an HTML email message or attachment), an attacker may be able to execute arbitrary code with the privileges of the user. Other mechanisms for accessing the Workspace Streaming Client, e.g., via the aswe protocol handler, can have the same impact.


Apply an update

This issue is addressed in Symantec Workspace Streaming 6.1 SP4. Please see Symantec Advisory SYM10-008 for more details.

Vendor Information (Learn More)

VendorStatusDate NotifiedDate Updated
Symantec, Inc.Affected17 Oct 200817 Jun 2010
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A



This vulnerability was reported by Will Dormann of the CERT/CC.

This document was written by Will Dormann.

Other Information

  • CVE IDs: CVE-2008-4389
  • Date Public: 16 Jun 2010
  • Date First Published: 17 Jun 2010
  • Date Last Updated: 18 Jun 2010
  • Severity Metric: 8.02
  • Document Revision: 13


If you have feedback, comments, or additional information about this vulnerability, please send us email.