Stack-based buffer overflow in Altiris Notification Server by Symantec
CVE-2009-3031

Currently unrated

Key Information:

Vendor: Symantec
Status: Altiris Notification Server; Altiris Management Platform; Altiris Deployment Solution
Vendor: CVE Published:; 3 November 2009

Summary

The Stack-based buffer overflow in the BrowseAndSaveFile method of the Altiris eXpress NS ConsoleUtilities ActiveX control poses a significant risk, allowing remote attackers to execute arbitrary code by supplying a long string as a parameter. This vulnerability affects various products within the Symantec Altiris suite, facilitating unauthorized access and potential system compromise.

References

http://sotiriu.de/adv/NSOADV-2009-001.txt

x_refsource_MISC

http://www.securityfocus.com/bid/36698

vdb-entryx_refsource_BID

http://www.vupen.com/english/advisories/2009/3117

vdb-entryx_refsource_VUPEN

EPSS Score

76% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Nov 3, 2009
Vulnerability Reserved
Aug 31, 2009