CWE
NVD-CWE-Other
Advisory Published
Updated

CVE-2009-3028

First published: Mon Mar 07 2011(Updated: )

The Altiris eXpress NS SC Download ActiveX control in AeXNSPkgDLLib.dll, as used in Symantec Altiris Deployment Solution 6.9.x, Notification Server 6.0.x, and Symantec Management Platform 7.0.x exposes an unsafe method, which allows remote attackers to force the download of arbitrary files and possibly execute arbitrary code via the DownloadAndInstall method.

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
Symantec Altiris Deployment Solution=6.9-sp4
Symantec Altiris Deployment Solution=6.9-sp2
Symantec Altiris Deployment Solution=6.9
Symantec Altiris Deployment Solution=6.9-sp1
Symantec Altiris Deployment Solution=6.9-sp3
Symantec Altiris Notification Server=6.0-sp3_r6
Symantec Altiris Notification Server=6.0-sp3
Symantec Altiris Notification Server=6.0-sp3_r11
Symantec Altiris Notification Server=6.0-sp3_r7
Symantec Altiris Notification Server=6.0-sp3_r1
Symantec Altiris Notification Server=6.0-sp1_hf12
Symantec Altiris Notification Server=6.0-sp3_r4
Symantec Altiris Notification Server=6.0-sp2
Symantec Altiris Notification Server=6.0-sp3_r5
Symantec Altiris Notification Server=6.0-sp3_r10
Symantec Altiris Notification Server=6.0-sp3_r9
Symantec Altiris Notification Server=6.0-sp3_r8
Symantec Altiris Notification Server=6.0-sp3_r13
Symantec Altiris Notification Server=6.0-sp3_r2
Symantec Altiris Notification Server=6.0-sp3_r3
Symantec Altiris Notification Server=6.0
Symantec Altiris Notification Server=6.0-sp1
Symantec Altiris Notification Server=6.0-sp3_r12
Symantec Management Platform=7.0-sp4
Symantec Management Platform=7.0-sp2
Symantec Management Platform=7.0-sp1
Symantec Management Platform=7.0
Symantec Management Platform=7.0-rc5
Symantec Management Platform=7.0-sp3
Symantec Management Platform=7.0-sp5

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203