PT-2009-5368 · Symantec · Symantec Management Platform+2
Nikolas Sotiriu · Published 2009-11-03 · Updated 2018-10-10 · CVE-2009-3031
CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions:
Symantec Altiris Notification Server (NS) versions 6.0.0.1846 through 6.0 before R12
Symantec Altiris Deployment Solution versions 6.8 and 6.9 in Deployment Server
Symantec Management Platform (SMP) versions 7.0 through 7.0 before SP3
Description:
The issue is a stack-based buffer overflow in the BrowseAndSaveFile method within the Altiris eXpress NS ConsoleUtilities ActiveX control. This allows remote attackers to execute arbitrary code via a long string in the second argument to the BrowseAndSaveFile method.
Recommendations:
For Symantec Altiris Notification Server (NS) versions 6.0.0.1846 through 6.0 before R12, update to R12 or later.
For Symantec Altiris Deployment Solution versions 6.8 and 6.9 in Deployment Server, consider disabling the BrowseAndSaveFile method until a patch is available.
For Symantec Management Platform (SMP) versions 7.0 through 7.0 before SP3, update to SP3 or later.
Exploit
Fix
Buffer Overflow
Affected Products
Symantec Altiris Deployment Solution
Symantec Altiris Notification Server
Symantec Management Platform