ActiveX Control Vulnerability in Symantec Altiris Deployment Solution
CVE-2009-3028

Currently unrated

Key Information:

Vendor: Symantec
Status: Altiris Deployment Solution
Vendor: CVE Published:; 7 March 2011

What is CVE-2009-3028?

The Altiris eXpress NS SC Download ActiveX control, located in AeXNSPkgDLLib.dll, is susceptible to exploitation. This vulnerability allows remote attackers to use the DownloadAndInstall method to initiate the download of arbitrary files. If successfully leveraged, this can lead to the execution of malicious code on a target system. Organizations utilizing Symantec Altiris Deployment Solution 6.9.x, Notification Server 6.0.x, or Symantec Management Platform 7.0.x should be aware of this risk and take necessary precautions.

References

http://www.securityfocus.com/bid/36346

vdb-entryx_refsource_BID

http://www.osvdb.org/57893

vdb-entryx_refsource_OSVDB

http://www.symantec.com/security_response/securityupdates...

x_refsource_CONFIRM

EPSS Score

72% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 7, 2011
Vulnerability Reserved
Aug 31, 2009