| Name | Symantec.Altiris.AeXNSConsoleUtilities.Dll.RunCmd.Method.Access |
| Release Date | Jan 12, 2010 |
| Severity | Critical |
| Impact | System Compromise: Remote attackers can gain control of vulnerable systems. |
| Description | This indicates an attempt to exploit a code-execution vulnerability in Symantec Altiris Products.
The vulnerability is located in the "AeXNSConsoleUtilities.dll" ActiveX control through misuse of the "RunCMD" method. It may allow remote attackers to download and install arbitrary files in vulnerable systems. |
| Affected Products | Symantec Management Platform 7.0 SP1
Symantec Management Platform 7.0
Symantec Altiris Notification Server 6.0 SP3 R7
Symantec Altiris Notification Server 6.0 SP3
Symantec Altiris Notification Server 6.0 SP2
Symantec Altiris Notification Server 6.0 SP1
Symantec Altiris Notification Server 6.0
Symantec Altiris Deployment Solution 6.9.355 SP1
Symantec Altiris Deployment Solution 6.9.355
Symantec Altiris Deployment Solution 6.9.176
Symantec Altiris Deployment Solution 6.9.164
Symantec Altiris Deployment Solution 6.9 SP3 Build 430
Symantec Altiris Deployment Solution 6.9 SP2 build 375
Symantec Altiris Deployment Solution 6.9 SP1
Symantec Altiris Deployment Solution 6.9 |
| Recommended Actions | Apply the patch, available from the vendor's web site:
Symantec Altiris Deployment Solution versions 6.9.x:
https://kb.altiris.com/article.asp?article=50279&p=1
Symantec Altiris Notification Server versions 6.0.x :
https://kb.altiris.com/article.asp?article=50072&p=1
Symantec Management Platform versions 7.0.x :
https://kb.altiris.com/article.asp?article=50072&p=1 |
| Common Vulnerabilities and Exposures (CVE) | http://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-3033
|
| Reference/s | http://www.securityfocus.com/bid/37092 (BugTraq)
|