CVE-2009-3028
First published: Mon Mar 07 2011(Updated: )
The Altiris eXpress NS SC Download ActiveX control in AeXNSPkgDLLib.dll, as used in Symantec Altiris Deployment Solution 6.9.x, Notification Server 6.0.x, and Symantec Management Platform 7.0.x exposes an unsafe method, which allows remote attackers to force the download of arbitrary files and possibly execute arbitrary code via the DownloadAndInstall method.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Symantec Altiris Deployment Solution | =6.9-sp4 | |
| Symantec Altiris Deployment Solution | =6.9-sp2 | |
| Symantec Altiris Deployment Solution | =6.9 | |
| Symantec Altiris Deployment Solution | =6.9-sp1 | |
| Symantec Altiris Deployment Solution | =6.9-sp3 | |
| Symantec Altiris Notification Server | =6.0-sp3_r6 | |
| Symantec Altiris Notification Server | =6.0-sp3 | |
| Symantec Altiris Notification Server | =6.0-sp3_r11 | |
| Symantec Altiris Notification Server | =6.0-sp3_r7 | |
| Symantec Altiris Notification Server | =6.0-sp3_r1 | |
| Symantec Altiris Notification Server | =6.0-sp1_hf12 | |
| Symantec Altiris Notification Server | =6.0-sp3_r4 | |
| Symantec Altiris Notification Server | =6.0-sp2 | |
| Symantec Altiris Notification Server | =6.0-sp3_r5 | |
| Symantec Altiris Notification Server | =6.0-sp3_r10 | |
| Symantec Altiris Notification Server | =6.0-sp3_r9 | |
| Symantec Altiris Notification Server | =6.0-sp3_r8 | |
| Symantec Altiris Notification Server | =6.0-sp3_r13 | |
| Symantec Altiris Notification Server | =6.0-sp3_r2 | |
| Symantec Altiris Notification Server | =6.0-sp3_r3 | |
| Symantec Altiris Notification Server | =6.0 | |
| Symantec Altiris Notification Server | =6.0-sp1 | |
| Symantec Altiris Notification Server | =6.0-sp3_r12 | |
| Symantec Management Platform | =7.0-sp4 | |
| Symantec Management Platform | =7.0-sp2 | |
| Symantec Management Platform | =7.0-sp1 | |
| Symantec Management Platform | =7.0 | |
| Symantec Management Platform | =7.0-rc5 | |
| Symantec Management Platform | =7.0-sp3 | |
| Symantec Management Platform | =7.0-sp5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.symantec.com/business/support/index?page=content&id=TECH44885
- http://secunia.com/advisories/36679
- http://www.osvdb.org/57893
- http://www.securityfocus.com/bid/36346
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090922_00
- collector/nvd-historical
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/description
- agent/type
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/remedy
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/symantec
- canonical/symantec altiris deployment solution
- version/symantec altiris deployment solution/6.9-sp4
- version/symantec altiris deployment solution/6.9-sp2
- version/symantec altiris deployment solution/6.9
- version/symantec altiris deployment solution/6.9-sp1
- version/symantec altiris deployment solution/6.9-sp3
- canonical/symantec altiris notification server
- version/symantec altiris notification server/6.0-sp3_r6
- version/symantec altiris notification server/6.0-sp3
- version/symantec altiris notification server/6.0-sp3_r11
- version/symantec altiris notification server/6.0-sp3_r7
- version/symantec altiris notification server/6.0-sp3_r1
- version/symantec altiris notification server/6.0-sp1_hf12
- version/symantec altiris notification server/6.0-sp3_r4
- version/symantec altiris notification server/6.0-sp2
- version/symantec altiris notification server/6.0-sp3_r5
- version/symantec altiris notification server/6.0-sp3_r10
- version/symantec altiris notification server/6.0-sp3_r9
- version/symantec altiris notification server/6.0-sp3_r8
- version/symantec altiris notification server/6.0-sp3_r13
- version/symantec altiris notification server/6.0-sp3_r2
- version/symantec altiris notification server/6.0-sp3_r3
- version/symantec altiris notification server/6.0
- version/symantec altiris notification server/6.0-sp1
- version/symantec altiris notification server/6.0-sp3_r12
- canonical/symantec management platform
- version/symantec management platform/7.0-sp4
- version/symantec management platform/7.0-sp2
- version/symantec management platform/7.0-sp1
- version/symantec management platform/7.0
- version/symantec management platform/7.0-rc5
- version/symantec management platform/7.0-sp3
- version/symantec management platform/7.0-sp5