medium
6.8
CWE
NVD-CWE-Other
Advisory Published
Updated

CVE-2009-3028

First published: Mon Mar 07 2011(Updated: )

The Altiris eXpress NS SC Download ActiveX control in AeXNSPkgDLLib.dll, as used in Symantec Altiris Deployment Solution 6.9.x, Notification Server 6.0.x, and Symantec Management Platform 7.0.x exposes an unsafe method, which allows remote attackers to force the download of arbitrary files and possibly execute arbitrary code via the DownloadAndInstall method.

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
Symantec Deployment Solution=6.9-sp4
Symantec Deployment Solution=6.9-sp2
Symantec Deployment Solution=6.9
Symantec Deployment Solution=6.9-sp1
Symantec Deployment Solution=6.9-sp3
Symantec Altiris Notification Server=6.0-sp3_r6
Symantec Altiris Notification Server=6.0-sp3
Symantec Altiris Notification Server=6.0-sp3_r11
Symantec Altiris Notification Server=6.0-sp3_r7
Symantec Altiris Notification Server=6.0-sp3_r1
Symantec Altiris Notification Server=6.0-sp1_hf12
Symantec Altiris Notification Server=6.0-sp3_r4
Symantec Altiris Notification Server=6.0-sp2
Symantec Altiris Notification Server=6.0-sp3_r5
Symantec Altiris Notification Server=6.0-sp3_r10
Symantec Altiris Notification Server=6.0-sp3_r9
Symantec Altiris Notification Server=6.0-sp3_r8
Symantec Altiris Notification Server=6.0-sp3_r13
Symantec Altiris Notification Server=6.0-sp3_r2
Symantec Altiris Notification Server=6.0-sp3_r3
Symantec Altiris Notification Server=6.0
Symantec Altiris Notification Server=6.0-sp1
Symantec Altiris Notification Server=6.0-sp3_r12
Symantec Management Platform=7.0-sp4
Symantec Management Platform=7.0-sp2
Symantec Management Platform=7.0-sp1
Symantec Management Platform=7.0
Symantec Management Platform=7.0-rc5
Symantec Management Platform=7.0-sp3
Symantec Management Platform=7.0-sp5

Remedy

http://www.symantec.com/business/support/index?page=content&id=TECH44885

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2009-3028?

    CVE-2009-3028 is classified as a critical vulnerability allowing remote code execution.

  • How do I fix CVE-2009-3028?

    To fix CVE-2009-3028, upgrade to the latest version of Symantec Altiris Deployment Solution, Notification Server, or Management Platform.

  • Which software is affected by CVE-2009-3028?

    CVE-2009-3028 affects various versions of Symantec Altiris Deployment Solution 6.9.x, Notification Server 6.0.x, and Symantec Management Platform 7.0.x.

  • What kind of attack can result from CVE-2009-3028?

    CVE-2009-3028 allows attackers to force the download of arbitrary files to a user's machine.

  • Is CVE-2009-3028 being actively exploited?

    While it may not be actively exploited at all times, CVE-2009-3028 remains a significant risk if systems are not updated.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203