CVE-2009-3031

Currently unrated

Key Information:

Vendor: Symantec
Status: Altiris Notification Server; Altiris Management Platform; Altiris Deployment Solution
Vendor: CVE Published:; 3 November 2009

Summary

Stack-based buffer overflow in the BrowseAndSaveFile method in the Altiris eXpress NS ConsoleUtilities ActiveX control 6.0.0.1846 in AeXNSConsoleUtilities.dll in Symantec Altiris Notification Server (NS) 6.0 before R12, Deployment Server 6.8 and 6.9 in Symantec Altiris Deployment Solution 6.9 SP3, and Symantec Management Platform (SMP) 7.0 before SP3 allows remote attackers to execute arbitrary code via a long string in the second argument.

References

http://sotiriu.de/adv/NSOADV-2009-001.txt

x_refsource_MISC

http://www.securityfocus.com/bid/36698

vdb-entryx_refsource_BID

http://www.vupen.com/english/advisories/2009/3117

vdb-entryx_refsource_VUPEN

EPSS Score

93% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Nov 3, 2009
Vulnerability Reserved
Aug 31, 2009