CVE-2008-6827
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
The ListView control in the Client GUI (AClient.exe) in Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 allows local users to gain SYSTEM privileges and execute arbitrary commands via a "Shatter" style attack on the "command prompt" hidden GUI button to (1) overwrite the CommandLine parameter to cmd.exe to use SYSTEM privileges and (2) modify the DLL that is loaded using the LoadLibrary API function.
El control "ListView" (vista de lista) del cliente de interfaz gráfico (AClient.exe) en Altiris Deployment Solution v6.x anterior a 6.9.355 SP1 de Symantec permite a usuarios locales obtener privilegios de SYSTEM y ejecutar comandos de su elección a través un tipo de ataque "Shatter" en el botón oculto del interfaz gráfico "command prompt" para (1) sobreescribir el parámetro CommandLine a cmd.exe para usar privilegios de SYSTEM y (2) modificar la DLL que es cargada usando la función de la API LoadLibrary.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2009-06-08 CVE Reserved
- 2009-06-08 CVE Published
- 2018-05-04 First Exploit
- 2023-03-08 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-306: Missing Authentication for Critical Function
CAPEC
References (10)
URL | Tag | Source |
---|---|---|
http://marc.info/?l=bugtraq&m=122460544316205&w=2 | Mailing List | |
http://osvdb.org/49426 | Broken Link | |
http://www.securityfocus.com/bid/31766 | Broken Link | |
http://www.securitytracker.com/id?1021071 | Broken Link | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/46006 | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://github.com/alt3kx/CVE-2008-6827 | 2018-05-04 |
URL | Date | SRC |
---|---|---|
http://www.insomniasec.com/advisories/ISVA-081020.1.htm | 2024-02-14 | |
http://www.symantec.com/avcenter/security/Content/2008.10.20a.html | 2024-02-14 | |
http://www.vupen.com/english/advisories/2008/2876 | 2024-02-14 |
URL | Date | SRC |
---|---|---|
http://secunia.com/advisories/31773 | 2024-02-14 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Symantec Search vendor "Symantec" | Altiris Deployment Solution Search vendor "Symantec" for product "Altiris Deployment Solution" | >= 6.0 < 6.9.355 Search vendor "Symantec" for product "Altiris Deployment Solution" and version " >= 6.0 < 6.9.355" | - |
Affected
| ||||||
Symantec Search vendor "Symantec" | Altiris Deployment Solution Search vendor "Symantec" for product "Altiris Deployment Solution" | 6.9.355 Search vendor "Symantec" for product "Altiris Deployment Solution" and version "6.9.355" | - |
Affected
|