CVE-2009-3033
Symantec Altiris Deployment Solution - ActiveX Control Buffer Overflow
Severity Score
9.3
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Buffer overflow in the RunCmd method in the Altiris eXpress NS Console Utilities ActiveX control in AeXNSConsoleUtilities.dll in the web console in Symantec Altiris Deployment Solution 6.9.x, Altiris Notification Server 6.0.x, and Management Platform 7.0.x allows remote attackers to execute arbitrary code via a long string in the second argument.
Desbordamiento de búfer en el método RunCmd en Altiris eXpress NS Console Utilities ActiveX control en AeXNSConsoleUtilities.dll en la consola web de Symantec Altiris Deployment Solution v6.9.x, Altiris Notification Server v6.0.x, y Management Platform v7.0.x permite a atacantes remotos ejecutar código arbitrario a través de una cadena larga en el segundo argumento.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2009-08-31 CVE Reserved
- 2009-11-25 CVE Published
- 2010-05-09 First Exploit
- 2024-08-07 CVE Updated
- 2024-11-01 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| http://osvdb.org/60496 | Vdb Entry | |
| http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20091124_00 | X_refsource_confirm | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/54415 | Vdb Entry | |
| https://kb.altiris.com/article.asp?article=50072&p=1 | X_refsource_confirm |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/16528 | 2010-05-09 | |
| http://www.securityfocus.com/bid/37092 | 2024-08-07 |
| URL | Date | SRC |
|---|---|---|
| https://kb.altiris.com/article.asp?article=50279&p=1 | 2017-08-17 |
| URL | Date | SRC |
|---|---|---|
| http://www.vupen.com/english/advisories/2009/3328 | 2017-08-17 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Symantec Search vendor "Symantec" | Altiris Deployment Solution Search vendor "Symantec" for product "Altiris Deployment Solution" | 6.9 Search vendor "Symantec" for product "Altiris Deployment Solution" and version "6.9" | - |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Altiris Deployment Solution Search vendor "Symantec" for product "Altiris Deployment Solution" | 6.9 Search vendor "Symantec" for product "Altiris Deployment Solution" and version "6.9" | sp1 |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Altiris Deployment Solution Search vendor "Symantec" for product "Altiris Deployment Solution" | 6.9 Search vendor "Symantec" for product "Altiris Deployment Solution" and version "6.9" | sp2 |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Altiris Deployment Solution Search vendor "Symantec" for product "Altiris Deployment Solution" | 6.9 Search vendor "Symantec" for product "Altiris Deployment Solution" and version "6.9" | sp3 |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Altiris Deployment Solution Search vendor "Symantec" for product "Altiris Deployment Solution" | 6.9.164 Search vendor "Symantec" for product "Altiris Deployment Solution" and version "6.9.164" | - |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Altiris Deployment Solution Search vendor "Symantec" for product "Altiris Deployment Solution" | 6.9.176 Search vendor "Symantec" for product "Altiris Deployment Solution" and version "6.9.176" | - |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Altiris Deployment Solution Search vendor "Symantec" for product "Altiris Deployment Solution" | 6.9.355 Search vendor "Symantec" for product "Altiris Deployment Solution" and version "6.9.355" | - |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Altiris Deployment Solution Search vendor "Symantec" for product "Altiris Deployment Solution" | 6.9.355 Search vendor "Symantec" for product "Altiris Deployment Solution" and version "6.9.355" | sp1 |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Altiris Management Platform Search vendor "Symantec" for product "Altiris Management Platform" | 7.0 Search vendor "Symantec" for product "Altiris Management Platform" and version "7.0" | - |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Altiris Management Platform Search vendor "Symantec" for product "Altiris Management Platform" | 7.0 Search vendor "Symantec" for product "Altiris Management Platform" and version "7.0" | sp1 |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Altiris Notification Server Search vendor "Symantec" for product "Altiris Notification Server" | 6.0 Search vendor "Symantec" for product "Altiris Notification Server" and version "6.0" | - |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Altiris Notification Server Search vendor "Symantec" for product "Altiris Notification Server" | 6.0 Search vendor "Symantec" for product "Altiris Notification Server" and version "6.0" | sp1 |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Altiris Notification Server Search vendor "Symantec" for product "Altiris Notification Server" | 6.0 Search vendor "Symantec" for product "Altiris Notification Server" and version "6.0" | sp2 |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Altiris Notification Server Search vendor "Symantec" for product "Altiris Notification Server" | 6.0 Search vendor "Symantec" for product "Altiris Notification Server" and version "6.0" | sp3 |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Altiris Notification Server Search vendor "Symantec" for product "Altiris Notification Server" | 6.0 Search vendor "Symantec" for product "Altiris Notification Server" and version "6.0" | sp3_r7 |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Altiris Notification Server Search vendor "Symantec" for product "Altiris Notification Server" | 6.0_sp3 Search vendor "Symantec" for product "Altiris Notification Server" and version "6.0_sp3" | - |
Affected
| ||||||