Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.8
CVE Id CVE-2009-3028
Last Modified 06 Feb 2013 11:21:27
Published 07 Mar 2011 04:00:01
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-3028

Summary

The Altiris eXpress NS SC Download ActiveX control in AeXNSPkgDLLib.dll, as used in Symantec Altiris Deployment Solution 6.9.x, Notification Server 6.0.x, and Symantec Management Platform 7.0.x, exposes an unsafe method, which allows remote attackers to force the download of arbitrary files and possibly execute arbitrary code via the DownloadAndInstall method.

Vulnerable Systems

Application

  • Symantec Altiris Deployment Solution 6.9

  • Symantec Altiris Notification Server 6.0

  • Symantec Management Platform 7.0


References

CONFIRM - http://www.symantec.com/business/support/index?page=content&id=TECH44885

CONFIRM - http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090922_00

BID - 36346

OSVDB - 57893

SECUNIA - 36679

CONFIRM - http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090922_00


Last Updated: 27 May 2016 10:51:50