Vulnerability CVE-2009-3031


Published: 2009-11-03   Modified: 2012-02-13

Description:
Stack-based buffer overflow in the BrowseAndSaveFile method in the Altiris eXpress NS ConsoleUtilities ActiveX control 6.0.0.1846 in AeXNSConsoleUtilities.dll in Symantec Altiris Notification Server (NS) 6.0 before R12, Deployment Server 6.8 and 6.9 in Symantec Altiris Deployment Solution 6.9 SP3, and Symantec Management Platform (SMP) 7.0 before SP3 allows remote attackers to execute arbitrary code via a long string in the second argument.

See advisories in our WLB2 database:
Topic: Symantec ConsoleUtilities ActiveX Control Buffer Overflow (High)
Author: NSO Research
Date: 06.11.2009

Type: CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score: 9.3/10
Impact Subscore: 10/10
Exploitability Subscore: 8.6/10

Exploit range: Remote
Attack complexity: Medium
Authentication: Not required

Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

Affected software
Symantec -> Altiris deployment solution 
Symantec -> Altiris management platform 
Symantec -> Altiris notification server 

 References:
http://sotiriu.de/adv/NSOADV-2009-001.txt
http://www.securityfocus.com/archive/1/507625/100/0/threaded
http://www.securityfocus.com/bid/36698
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20091102_00
http://www.vupen.com/english/advisories/2009/3117
https://kb.altiris.com/article.asp?article=49389&p=1
https://kb.altiris.com/article.asp?article=49568&p=1

Copyright 2020, cxsecurity.com

 
