PT-2009-5368 · Symantec · Symantec Management Platform+2

Nikolas Sotiriu · Published 2009-11-03 · Updated 2018-10-10 · CVE-2009-3031

CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions:
Symantec Altiris Notification Server (NS) versions 6.0.0.1846 through 6.0 before R12
Symantec Altiris Deployment Solution versions 6.8 and 6.9 in Deployment Server
Symantec Management Platform (SMP) versions 7.0 through 7.0 before SP3

Description: The issue is a stack-based buffer overflow in the BrowseAndSaveFile method within the Altiris eXpress NS ConsoleUtilities ActiveX control. This allows remote attackers to execute arbitrary code via a long string in the second argument to the BrowseAndSaveFile method.

Recommendations: For Symantec Altiris Notification Server (NS) versions 6.0.0.1846 through 6.0 before R12, update to R12 or later. For Symantec Altiris Deployment Solution versions 6.8 and 6.9 in Deployment Server, consider disabling the BrowseAndSaveFile method until a patch is available. For Symantec Management Platform (SMP) versions 7.0 through 7.0 before SP3, update to SP3 or later.

Exploit

Fix

Buffer Overflow

Weakness Enumeration

Related identifiers

CVE-2009-3031

Affected products

Symantec Altiris Deployment Solution
Symantec Altiris Notification Server
Symantec Management Platform