CVE-2009-3028
Symantec Altiris Deployment Solution - ActiveX Control Arbitrary File Download and Execute
Severity Score
6.8
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The Altiris eXpress NS SC Download ActiveX control in AeXNSPkgDLLib.dll, as used in Symantec Altiris Deployment Solution 6.9.x, Notification Server 6.0.x, and Symantec Management Platform 7.0.x exposes an unsafe method, which allows remote attackers to force the download of arbitrary files and possibly execute arbitrary code via the DownloadAndInstall method.
En Altiris eXpress NS SC la descarga del control ActiveX en AeXNSPkgDLLib.dll, como en Symantec Altiris Deployment Solution v6.9.x, Notification Server v6.0.x, y Symantec Management Platform v7.0.x expone un método inseguro, que permite a atacantes remotos forzar la descarga de archivos arbitrarios y, posiblemente, ejecutar código arbitrario a través del método DownloadAndInstall.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2009-08-31 CVE Reserved
- 2009-11-26 CVE Published
- 2010-11-24 First Exploit
- 2024-08-07 CVE Updated
- 2024-10-28 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://www.osvdb.org/57893 | Vdb Entry | |
| http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090922_00 | X_refsource_confirm |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/16600 | 2010-11-24 | |
| http://www.securityfocus.com/bid/36346 | 2024-08-07 |
| URL | Date | SRC |
|---|---|---|
| http://www.symantec.com/business/support/index?page=content&id=TECH44885 | 2013-02-07 |
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/36679 | 2013-02-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Symantec Search vendor "Symantec" | Altiris Deployment Solution Search vendor "Symantec" for product "Altiris Deployment Solution" | 6.9 Search vendor "Symantec" for product "Altiris Deployment Solution" and version "6.9" | - |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Altiris Deployment Solution Search vendor "Symantec" for product "Altiris Deployment Solution" | 6.9 Search vendor "Symantec" for product "Altiris Deployment Solution" and version "6.9" | sp1 |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Altiris Deployment Solution Search vendor "Symantec" for product "Altiris Deployment Solution" | 6.9 Search vendor "Symantec" for product "Altiris Deployment Solution" and version "6.9" | sp2 |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Altiris Deployment Solution Search vendor "Symantec" for product "Altiris Deployment Solution" | 6.9 Search vendor "Symantec" for product "Altiris Deployment Solution" and version "6.9" | sp3 |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Altiris Deployment Solution Search vendor "Symantec" for product "Altiris Deployment Solution" | 6.9 Search vendor "Symantec" for product "Altiris Deployment Solution" and version "6.9" | sp4 |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Altiris Notification Server Search vendor "Symantec" for product "Altiris Notification Server" | 6.0 Search vendor "Symantec" for product "Altiris Notification Server" and version "6.0" | - |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Altiris Notification Server Search vendor "Symantec" for product "Altiris Notification Server" | 6.0 Search vendor "Symantec" for product "Altiris Notification Server" and version "6.0" | sp1 |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Altiris Notification Server Search vendor "Symantec" for product "Altiris Notification Server" | 6.0 Search vendor "Symantec" for product "Altiris Notification Server" and version "6.0" | sp1_hf12 |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Altiris Notification Server Search vendor "Symantec" for product "Altiris Notification Server" | 6.0 Search vendor "Symantec" for product "Altiris Notification Server" and version "6.0" | sp2 |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Altiris Notification Server Search vendor "Symantec" for product "Altiris Notification Server" | 6.0 Search vendor "Symantec" for product "Altiris Notification Server" and version "6.0" | sp3 |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Altiris Notification Server Search vendor "Symantec" for product "Altiris Notification Server" | 6.0 Search vendor "Symantec" for product "Altiris Notification Server" and version "6.0" | sp3_r1 |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Altiris Notification Server Search vendor "Symantec" for product "Altiris Notification Server" | 6.0 Search vendor "Symantec" for product "Altiris Notification Server" and version "6.0" | sp3_r10 |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Altiris Notification Server Search vendor "Symantec" for product "Altiris Notification Server" | 6.0 Search vendor "Symantec" for product "Altiris Notification Server" and version "6.0" | sp3_r11 |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Altiris Notification Server Search vendor "Symantec" for product "Altiris Notification Server" | 6.0 Search vendor "Symantec" for product "Altiris Notification Server" and version "6.0" | sp3_r12 |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Altiris Notification Server Search vendor "Symantec" for product "Altiris Notification Server" | 6.0 Search vendor "Symantec" for product "Altiris Notification Server" and version "6.0" | sp3_r13 |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Altiris Notification Server Search vendor "Symantec" for product "Altiris Notification Server" | 6.0 Search vendor "Symantec" for product "Altiris Notification Server" and version "6.0" | sp3_r2 |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Altiris Notification Server Search vendor "Symantec" for product "Altiris Notification Server" | 6.0 Search vendor "Symantec" for product "Altiris Notification Server" and version "6.0" | sp3_r3 |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Altiris Notification Server Search vendor "Symantec" for product "Altiris Notification Server" | 6.0 Search vendor "Symantec" for product "Altiris Notification Server" and version "6.0" | sp3_r4 |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Altiris Notification Server Search vendor "Symantec" for product "Altiris Notification Server" | 6.0 Search vendor "Symantec" for product "Altiris Notification Server" and version "6.0" | sp3_r5 |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Altiris Notification Server Search vendor "Symantec" for product "Altiris Notification Server" | 6.0 Search vendor "Symantec" for product "Altiris Notification Server" and version "6.0" | sp3_r6 |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Altiris Notification Server Search vendor "Symantec" for product "Altiris Notification Server" | 6.0 Search vendor "Symantec" for product "Altiris Notification Server" and version "6.0" | sp3_r7 |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Altiris Notification Server Search vendor "Symantec" for product "Altiris Notification Server" | 6.0 Search vendor "Symantec" for product "Altiris Notification Server" and version "6.0" | sp3_r8 |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Altiris Notification Server Search vendor "Symantec" for product "Altiris Notification Server" | 6.0 Search vendor "Symantec" for product "Altiris Notification Server" and version "6.0" | sp3_r9 |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Management Platform Search vendor "Symantec" for product "Management Platform" | 7.0 Search vendor "Symantec" for product "Management Platform" and version "7.0" | - |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Management Platform Search vendor "Symantec" for product "Management Platform" | 7.0 Search vendor "Symantec" for product "Management Platform" and version "7.0" | rc5 |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Management Platform Search vendor "Symantec" for product "Management Platform" | 7.0 Search vendor "Symantec" for product "Management Platform" and version "7.0" | sp1 |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Management Platform Search vendor "Symantec" for product "Management Platform" | 7.0 Search vendor "Symantec" for product "Management Platform" and version "7.0" | sp2 |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Management Platform Search vendor "Symantec" for product "Management Platform" | 7.0 Search vendor "Symantec" for product "Management Platform" and version "7.0" | sp3 |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Management Platform Search vendor "Symantec" for product "Management Platform" | 7.0 Search vendor "Symantec" for product "Management Platform" and version "7.0" | sp4 |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Management Platform Search vendor "Symantec" for product "Management Platform" | 7.0 Search vendor "Symantec" for product "Management Platform" and version "7.0" | sp5 |
Affected
| ||||||