CVE-2009-3108

Name of the Vulnerable Software and Affected Versions: Symantec Altiris Deployment Solution versions 6.9.x before 6.9 SP3 Build 430

Description: The issue concerns the Aclient GUI in Symantec Altiris Deployment Solution, where it installs a client executable with insecure permissions, specifically 'Everyone:Full Control'. This allows local users to potentially gain privileges by replacing the executable with a malicious program, such as a Trojan horse.

Recommendations: For Symantec Altiris Deployment Solution versions 6.9.x before 6.9 SP3 Build 430, update to 6.9 SP3 Build 430 or later to resolve the issue.