PT-2009-2296 · Symantec+1 · Symantec Altiris Deployment Solution+1
Brett Moore
·
Published
2009-06-08
·
Updated
2024-02-14
·
CVE-2008-6827
CVSS v2.0
6.8
Medium
| Vector | AV:L/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions:
Symantec Altiris Deployment Solution versions prior to 6.9.355 SP1
Description:
The issue allows local users to gain SYSTEM privileges and execute arbitrary commands via a "Shatter" style attack. This attack targets the
CommandLine parameter to cmd.exe to use SYSTEM privileges and modifies the DLL loaded using the LoadLibrary API function.Recommendations:
For Symantec Altiris Deployment Solution versions prior to 6.9.355 SP1, update to version 6.9.355 SP1 or later to resolve the issue.
Fix
Missing Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Symantec Altiris Deployment Solution
Cmd.Exe