CVE-2009-3033: Buffer Overflow
First published: Wed Nov 25 2009(Updated: )
Buffer overflow in the RunCmd method in the Altiris eXpress NS Console Utilities ActiveX control in AeXNSConsoleUtilities.dll in the web console in Symantec Altiris Deployment Solution 6.9.x, Altiris Notification Server 6.0.x, and Management Platform 7.0.x allows remote attackers to execute arbitrary code via a long string in the second argument.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Symantec Altiris Notification Server | =6.0_sp3 | |
| Symantec Altiris Notification Server | =6.0-sp3 | |
| Symantec Altiris Management Platform | =7.0 | |
| Symantec Altiris Deployment Solution | =6.9-sp2 | |
| Symantec Altiris Deployment Solution | =6.9 | |
| Symantec Altiris Notification Server | =6.0-sp3_r7 | |
| Symantec Altiris Deployment Solution | =6.9-sp1 | |
| Symantec Altiris Deployment Solution | =6.9.164 | |
| Symantec Altiris Notification Server | =6.0-sp2 | |
| Symantec Altiris Management Platform | =7.0-sp1 | |
| Symantec Altiris Deployment Solution | =6.9.176 | |
| Symantec Altiris Deployment Solution | =6.9-sp3 | |
| Symantec Altiris Deployment Solution | =6.9.355-sp1 | |
| Symantec Altiris Notification Server | =6.0 | |
| Symantec Altiris Notification Server | =6.0-sp1 | |
| Symantec Altiris Deployment Solution | =6.9.355 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://kb.altiris.com/article.asp?article=50072&p=1
- http://www.vupen.com/english/advisories/2009/3328
- https://kb.altiris.com/article.asp?article=50279&p=1
- http://www.securityfocus.com/bid/37092
- http://osvdb.org/60496
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20091124_00
- https://exchange.xforce.ibmcloud.com/vulnerabilities/54415
- collector/nvd-historical
- collector/nvd-index
- agent/type
- agent/remedy
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/author
- agent/references
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- vendor/symantec
- canonical/symantec altiris notification server
- version/symantec altiris notification server/6.0_sp3
- version/symantec altiris notification server/6.0-sp3
- canonical/symantec altiris management platform
- version/symantec altiris management platform/7.0
- canonical/symantec altiris deployment solution
- version/symantec altiris deployment solution/6.9-sp2
- version/symantec altiris deployment solution/6.9
- version/symantec altiris notification server/6.0-sp3_r7
- version/symantec altiris deployment solution/6.9-sp1
- version/symantec altiris deployment solution/6.9.164
- version/symantec altiris notification server/6.0-sp2
- version/symantec altiris management platform/7.0-sp1
- version/symantec altiris deployment solution/6.9.176
- version/symantec altiris deployment solution/6.9-sp3
- version/symantec altiris deployment solution/6.9.355-sp1
- version/symantec altiris notification server/6.0
- version/symantec altiris notification server/6.0-sp1
- version/symantec altiris deployment solution/6.9.355