Back to search

Symantec Workspace Streaming Arbitrary File Upload

This module exploits a code execution flaw in Symantec Workspace Streaming. The vulnerability exists in the ManagementAgentServer.putFile XMLRPC call exposed by the as_agent.exe service, which allows for uploading arbitrary files under the server root. This module abuses the auto deploy feature in the JBoss as_ste.exe instance in order to achieve remote code execution. This module has been tested successfully on Symantec Workspace Streaming 6.1 SP8 and Windows 2003 SP2. Abused services listen on a single machine deployment, and also in the backend role in a multiple machine deployment.

Free Metasploit Download

Get your copy of the world's leading penetration testing tool

 Download Now

Module Name



  • rgod <rgod [at]>
  • juan vazquez <juan.vazquez [at]>



  • Symantec Workspace Streaming 6.1 SP8 / Java Universal


  • java


  • java



Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

msf > use exploit/windows/antivirus/symantec_workspace_streaming_exec msf exploit(symantec_workspace_streaming_exec) > show targets ...targets... msf exploit(symantec_workspace_streaming_exec) > set TARGET <target-id> msf exploit(symantec_workspace_streaming_exec) > show options and set options... msf exploit(symantec_workspace_streaming_exec) > exploit