PT-2009-5369 · Symantec · Altiris Express Ns Console Utilities Activex Control

Published: 2009-11-25 · Updated: 2017-08-17 · CVE-2009-3033

CVSS v2.0: 9.3 High

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions:
Symantec Altiris Deployment Solution versions 6.9.x
Symantec Altiris Notification Server versions 6.0.x
Symantec Management Platform versions 7.0.x
Description: The issue is related to a buffer overflow in the RunCmd method of the Altiris eXpress NS Console Utilities ActiveX control. This control is part of the web console in Symantec Altiris products. The buffer overflow can be triggered by a long string in the second argument, allowing remote attackers to execute arbitrary code.
Recommendations: For Symantec Altiris Deployment Solution versions 6.9.x, consider disabling the AeXNSConsoleUtilities.dll until a patch is available. For Symantec Altiris Notification Server versions 6.0.x, restrict access to the web console to minimize the risk of exploitation. For Symantec Management Platform versions 7.0.x, avoid using the RunCmd method with untrusted input until the issue is resolved.

Exploit

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2009-3033

Affected Products

Aexnsconsoleutilities.Dll
Altiris Express Ns Console Utilities Activex Control
Symantec Altiris Deployment Solution
Symantec Altiris Notification Server
Symantec Management Platform