Privilege Escalation in Symantec Altiris Deployment Solution 6.x
CVE-2008-6827

7.8HIGH

Key Information:

Vendor
Symantec
Status
Altiris Deployment Solution
Altiris Notification Server
Vendor
CVE Published:
8 June 2009

Badges

👾 Exploit Exists🟡 Public PoC

Summary

The ListView control in the Client GUI (AClient.exe) of Symantec Altiris Deployment Solution versions prior to 6.9.355 SP1 is susceptible to a privilege escalation vulnerability. Local attackers can exploit this weakness by executing a 'Shatter' style attack on a hidden GUI button tied to the command prompt. This exploitation enables the attacker to overwrite the CommandLine parameter to gain SYSTEM privileges and manipulate the DLLs loaded into the application via the LoadLibrary API, allowing for arbitrary command execution with elevated permissions.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2008-6827
Created by alt3kx

References

http://www.securitytracker.com/id?1021071
vdb-entryx_refsource_SECTRACK
http://marc.info/?l=bugtraq&m=122460544316205&w=2
mailing-listx_refsource_BUGTRAQ
http://www.symantec.com/avcenter/security/Content/2008.10...
x_refsource_CONFIRM

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.