Buffer Overflow in Symantec Altiris Deployment Solution and Notification Server
CVE-2009-3033

Currently unrated

Key Information:

Vendor: Symantec
Status: Altiris Notification Server; Altiris Management Platform; Altiris Deployment Solution
Vendor: CVE Published:; 25 November 2009

Summary

The vulnerability arises from a buffer overflow in the RunCmd method within the ActiveX control AeXNSConsoleUtilities.dll used by the web console of Symantec's Altiris Deployment Solution, Notification Server, and Management Platform. Attackers can exploit this vulnerability by sending specially crafted input, allowing them to execute arbitrary code on the affected system. This could lead to unauthorized access or control over sensitive information.

References

http://www.securityfocus.com/bid/37092

vdb-entryx_refsource_BID

http://www.vupen.com/english/advisories/2009/3328

vdb-entryx_refsource_VUPEN

https://exchange.xforce.ibmcloud.com/vulnerabilities/54415

vdb-entryx_refsource_XF

EPSS Score

72% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Nov 25, 2009
Vulnerability Reserved
Aug 31, 2009