CVE-2009-3033

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2009-3033
Buffer overflow in the RunCmd method in the Altiris eXpress NS Console Utilities ActiveX control in AeXNSConsoleUtilities.dll in the web console in Symantec Altiris Deployment Solution 6.9.x, Altiris Notification Server 6.0.x, and Management Platform 7.0.x allows remote attackers to execute arbitrary code via a long string in the second argument.

9.3 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
https://kb.altiris.com/article.asp?article=50072&p=1
http://www.vupen.com/english/advisories/2009/3328 Vendor Advisory
https://kb.altiris.com/article.asp?article=50279&p=1 Patch Vendor Advisory
http://www.securityfocus.com/bid/37092 Exploit Patch
http://osvdb.org/60496
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20091124_00
https://exchange.xforce.ibmcloud.com/vulnerabilities/54415
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:symantec:altiris_deployment_solution:6.9:sp1:*:*:*:*:*:*
cpe:2.3:a:symantec:altiris_deployment_solution:6.9.355:sp1:*:*:*:*:*:*
cpe:2.3:a:symantec:altiris_management_platform:7.0:sp1:*:*:*:*:*:*
cpe:2.3:a:symantec:altiris_notification_server:6.0:sp1:*:*:*:*:*:*
cpe:2.3:a:symantec:altiris_deployment_solution:6.9.164:*:*:*:*:*:*:*
cpe:2.3:a:symantec:altiris_deployment_solution:6.9:sp3:*:*:*:*:*:*
cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3:*:*:*:*:*:*
cpe:2.3:a:symantec:altiris_notification_server:6.0:*:*:*:*:*:*:*
cpe:2.3:a:symantec:altiris_deployment_solution:6.9.355:*:*:*:*:*:*:*
cpe:2.3:a:symantec:altiris_deployment_solution:6.9.176:*:*:*:*:*:*:*
cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3_r7:*:*:*:*:*:*
cpe:2.3:a:symantec:altiris_notification_server:6.0_sp3:*:*:*:*:*:*:*
cpe:2.3:a:symantec:altiris_management_platform:7.0:*:*:*:*:*:*:*
cpe:2.3:a:symantec:altiris_deployment_solution:6.9:sp2:*:*:*:*:*:*
cpe:2.3:a:symantec:altiris_deployment_solution:6.9:*:*:*:*:*:*:*
cpe:2.3:a:symantec:altiris_notification_server:6.0:sp2:*:*:*:*:*:*
Information

Published : 2009-11-25 08:30

Updated : 2017-08-16 18:31

NVD link : CVE-2009-3033

Mitre link : CVE-2009-3033

JSON object : View

CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Advertisement

dedicated server usa
Products Affected

symantec

  • altiris_management_platform
  • altiris_notification_server
  • altiris_deployment_solution