Vulnerability Description
The Altiris eXpress NS SC Download ActiveX control in AeXNSPkgDLLib.dll, as used in Symantec Altiris Deployment Solution 6.9.x, Notification Server 6.0.x, and Symantec Management Platform 7.0.x exposes an unsafe method, which allows remote attackers to force the download of arbitrary files and possibly execute arbitrary code via the DownloadAndInstall method.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Symantec | Altiris Deployment Solution | 6.9 |
| Symantec | Altiris Notification Server | 6.0 |
| Symantec | Management Platform | 7.0 |
References
- http://secunia.com/advisories/36679Vendor Advisory
- http://www.osvdb.org/57893
- http://www.securityfocus.com/bid/36346Exploit
- http://www.symantec.com/business/support/index?page=content&id=TECH44885Patch
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=securit
- http://secunia.com/advisories/36679Vendor Advisory
- http://www.osvdb.org/57893
- http://www.securityfocus.com/bid/36346Exploit
- http://www.symantec.com/business/support/index?page=content&id=TECH44885Patch
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=securit
FAQ
What is CVE-2009-3028?
CVE-2009-3028 is a vulnerability with a CVSS score of 6.8 (MEDIUM). The Altiris eXpress NS SC Download ActiveX control in AeXNSPkgDLLib.dll, as used in Symantec Altiris Deployment Solution 6.9.x, Notification Server 6.0.x, and Symantec Management Platform 7.0.x expose...
How severe is CVE-2009-3028?
CVE-2009-3028 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-3028?
Check the references section above for vendor advisories and patch information. Affected products include: Symantec Altiris Deployment Solution, Symantec Altiris Notification Server, Symantec Management Platform.