Vulnerability CVE-2009-3033


Published: 2009-11-25   Modified: 2012-02-13

Description:
Buffer overflow in the RunCmd method in the Altiris eXpress NS Console Utilities ActiveX control in AeXNSConsoleUtilities.dll in the web console in Symantec Altiris Deployment Solution 6.9.x, Altiris Notification Server 6.0.x, and Management Platform 7.0.x allows remote attackers to execute arbitrary code via a long string in the second argument.

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
9.3/10
10/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Symantec -> Altiris deployment solution 
Symantec -> Altiris management platform 
Symantec -> Altiris notification server 

 References:
https://kb.altiris.com/article.asp?article=50279&p=1
http://www.securityfocus.com/bid/37092
https://kb.altiris.com/article.asp?article=50072&p=1
http://xforce.iss.net/xforce/xfdb/54415
http://www.vupen.com/english/advisories/2009/3328
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20091124_00
http://osvdb.org/60496

Copyright 2021, cxsecurity.com

 

Back to Top