ID CVE-2009-3028
Summary The Altiris eXpress NS SC Download ActiveX control in AeXNSPkgDLLib.dll, as used in Symantec Altiris Deployment Solution 6.9.x, Notification Server 6.0.x, and Symantec Management Platform 7.0.x, exposes an unsafe method, which allows remote attackers to force the download of arbitrary files and possibly execute arbitrary code via the DownloadAndInstall method.
References
Vulnerable Configurations
  • cpe:2.3:a:symantec:altiris_deployment_solution:6.9:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:altiris_deployment_solution:6.9:sp1:*:*:*:*:*:*
  • cpe:2.3:a:symantec:altiris_deployment_solution:6.9:sp2:*:*:*:*:*:*
  • cpe:2.3:a:symantec:altiris_deployment_solution:6.9:sp3:*:*:*:*:*:*
  • cpe:2.3:a:symantec:altiris_deployment_solution:6.9:sp4:*:*:*:*:*:*
  • cpe:2.3:a:symantec:altiris_notification_server:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:altiris_notification_server:6.0:sp1:*:*:*:*:*:*
  • cpe:2.3:a:symantec:altiris_notification_server:6.0:sp1_hf12:*:*:*:*:*:*
  • cpe:2.3:a:symantec:altiris_notification_server:6.0:sp2:*:*:*:*:*:*
  • cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3:*:*:*:*:*:*
  • cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3_r1:*:*:*:*:*:*
  • cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3_r10:*:*:*:*:*:*
  • cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3_r11:*:*:*:*:*:*
  • cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3_r12:*:*:*:*:*:*
  • cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3_r13:*:*:*:*:*:*
  • cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3_r2:*:*:*:*:*:*
  • cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3_r3:*:*:*:*:*:*
  • cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3_r4:*:*:*:*:*:*
  • cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3_r5:*:*:*:*:*:*
  • cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3_r6:*:*:*:*:*:*
  • cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3_r7:*:*:*:*:*:*
  • cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3_r8:*:*:*:*:*:*
  • cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3_r9:*:*:*:*:*:*
  • cpe:2.3:a:symantec:management_platform:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:management_platform:7.0:rc5:*:*:*:*:*:*
  • cpe:2.3:a:symantec:management_platform:7.0:sp1:*:*:*:*:*:*
  • cpe:2.3:a:symantec:management_platform:7.0:sp2:*:*:*:*:*:*
  • cpe:2.3:a:symantec:management_platform:7.0:sp3:*:*:*:*:*:*
  • cpe:2.3:a:symantec:management_platform:7.0:sp4:*:*:*:*:*:*
  • cpe:2.3:a:symantec:management_platform:7.0:sp5:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 07-02-2013 - 04:21)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
refmap via4
bid 36346
confirm
osvdb 57893
secunia 36679
saint via4
bid 36346
description Symantec Altiris eXpress NS SC Download ActiveX control vulnerability
id misc_av_symantec_altirisdl
osvdb 57893
title altiris_express_ns_sc_download
type client
Last major update 07-02-2013 - 04:21
Published 07-03-2011 - 21:00
Last modified 07-02-2013 - 04:21