First published: Wed Nov 25 2009(Updated: )
Buffer overflow in the RunCmd method in the Altiris eXpress NS Console Utilities ActiveX control in AeXNSConsoleUtilities.dll in the web console in Symantec Altiris Deployment Solution 6.9.x, Altiris Notification Server 6.0.x, and Management Platform 7.0.x allows remote attackers to execute arbitrary code via a long string in the second argument.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Symantec Altiris Notification Server | =6.0_sp3 | |
Symantec Altiris Notification Server | =6.0-sp3 | |
Symantec Altiris Management Platform | =7.0 | |
Symantec Deployment Solution | =6.9-sp2 | |
Symantec Deployment Solution | =6.9 | |
Symantec Altiris Notification Server | =6.0-sp3_r7 | |
Symantec Deployment Solution | =6.9-sp1 | |
Symantec Deployment Solution | =6.9.164 | |
Symantec Altiris Notification Server | =6.0-sp2 | |
Symantec Altiris Management Platform | =7.0-sp1 | |
Symantec Deployment Solution | =6.9.176 | |
Symantec Deployment Solution | =6.9-sp3 | |
Symantec Deployment Solution | =6.9.355-sp1 | |
Symantec Altiris Notification Server | =6.0 | |
Symantec Altiris Notification Server | =6.0-sp1 | |
Symantec Deployment Solution | =6.9.355 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2009-3033 is classified as a critical vulnerability that allows remote code execution via a buffer overflow.
To fix CVE-2009-3033, upgrade to the latest version of Symantec Altiris products that are not vulnerable.
CVE-2009-3033 affects Symantec Altiris Notification Server versions 6.0.x, Altiris Deployment Solution 6.9.x, and Management Platform 7.0.x.
Yes, CVE-2009-3033 can be exploited remotely by an attacker to execute arbitrary code.
The impact of CVE-2009-3033 includes potential unauthorized access and control over affected systems.