CVE-2008-6827
First published: Mon Jun 08 2009(Updated: )
The ListView control in the Client GUI (AClient.exe) in Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 allows local users to gain SYSTEM privileges and execute arbitrary commands via a "Shatter" style attack on the "command prompt" hidden GUI button to (1) overwrite the CommandLine parameter to cmd.exe to use SYSTEM privileges and (2) modify the DLL that is loaded using the LoadLibrary API function.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Symantec Altiris Deployment Solution | =6.8.282 | |
| Symantec Altiris Deployment Solution | =6.8_sp1 | |
| Symantec Altiris Notification Server | <=6.9.176 | |
| Symantec Altiris Deployment Solution | =6.5.299 | |
| Symantec Altiris Deployment Solution | =6.8-sp2 | |
| Symantec Altiris Deployment Solution | =6.9 | |
| Symantec Altiris Deployment Solution | =6.8.378 | |
| Symantec Altiris Deployment Solution | =6.8.380.0 | |
| Symantec Altiris Deployment Solution | =6.8_sp2 | |
| Symantec Altiris Deployment Solution | =6.9.164 | |
| Symantec Altiris Deployment Solution | =6-sp1 | |
| Symantec Altiris Deployment Solution | =6.5.248 | |
| Symantec Altiris Deployment Solution | =6-sp2 | |
| Symantec Altiris Deployment Solution | =6.0 | |
| Symantec Altiris Deployment Solution | =6.8-sp1 | |
| Symantec Altiris Deployment Solution | =6.8 | |
| Symantec Altiris Deployment Solution | >=6.0<6.9.355 | |
| Symantec Altiris Deployment Solution | =6.9.355 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securitytracker.com/id?1021071
- http://osvdb.org/49426
- http://www.securityfocus.com/bid/31766
- http://marc.info/?l=bugtraq&m=122460544316205&w=2
- http://www.insomniasec.com/advisories/ISVA-081020.1.htm
- http://www.vupen.com/english/advisories/2008/2876
- http://www.symantec.com/avcenter/security/Content/2008.10.20a.html
- http://secunia.com/advisories/31773
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46006
- collector/nvd-historical
- collector/nvd-index
- agent/type
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/severity
- agent/author
- agent/description
- agent/remedy
- agent/weakness
- agent/references
- agent/tags
- agent/softwarecombine
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/symantec
- canonical/symantec altiris deployment solution
- version/symantec altiris deployment solution/6.8.282
- version/symantec altiris deployment solution/6.8_sp1
- canonical/symantec altiris notification server
- version/symantec altiris notification server/6.9.176
- version/symantec altiris deployment solution/6.5.299
- version/symantec altiris deployment solution/6.8-sp2
- version/symantec altiris deployment solution/6.9
- version/symantec altiris deployment solution/6.8.378
- version/symantec altiris deployment solution/6.8.380.0
- version/symantec altiris deployment solution/6.8_sp2
- version/symantec altiris deployment solution/6.9.164
- version/symantec altiris deployment solution/6-sp1
- version/symantec altiris deployment solution/6.5.248
- version/symantec altiris deployment solution/6-sp2
- version/symantec altiris deployment solution/6.0
- version/symantec altiris deployment solution/6.8-sp1
- version/symantec altiris deployment solution/6.8
- version/symantec altiris deployment solution/6.9.355