CVE-2009-3028

Currently unrated

Key Information:

Vendor: Symantec
Status: Altiris Deployment Solution
Vendor: CVE Published:; 7 March 2011

Summary

The Altiris eXpress NS SC Download ActiveX control in AeXNSPkgDLLib.dll, as used in Symantec Altiris Deployment Solution 6.9.x, Notification Server 6.0.x, and Symantec Management Platform 7.0.x exposes an unsafe method, which allows remote attackers to force the download of arbitrary files and possibly execute arbitrary code via the DownloadAndInstall method.

References

http://www.securityfocus.com/bid/36346

vdb-entryx_refsource_BID

http://www.osvdb.org/57893

vdb-entryx_refsource_OSVDB

http://www.symantec.com/security_response/securityupdates...

x_refsource_CONFIRM

EPSS Score

76% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Mar 7, 2011
Vulnerability Reserved
Aug 31, 2009