Vulnerability Description
Buffer overflow in the RunCmd method in the Altiris eXpress NS Console Utilities ActiveX control in AeXNSConsoleUtilities.dll in the web console in Symantec Altiris Deployment Solution 6.9.x, Altiris Notification Server 6.0.x, and Management Platform 7.0.x allows remote attackers to execute arbitrary code via a long string in the second argument.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Symantec | Altiris Deployment Solution | 6.9 |
| Symantec | Altiris Management Platform | 7.0 |
| Symantec | Altiris Notification Server | 6.0 |
Related Weaknesses (CWE)
References
- http://osvdb.org/60496
- http://www.securityfocus.com/bid/37092ExploitPatch
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=securit
- http://www.vupen.com/english/advisories/2009/3328Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/54415
- https://kb.altiris.com/article.asp?article=50072&p=1
- https://kb.altiris.com/article.asp?article=50279&p=1PatchVendor Advisory
- http://osvdb.org/60496
- http://www.securityfocus.com/bid/37092ExploitPatch
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=securit
- http://www.vupen.com/english/advisories/2009/3328Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/54415
- https://kb.altiris.com/article.asp?article=50072&p=1
- https://kb.altiris.com/article.asp?article=50279&p=1PatchVendor Advisory
FAQ
What is CVE-2009-3033?
CVE-2009-3033 is a vulnerability with a CVSS score of 9.3 (HIGH). Buffer overflow in the RunCmd method in the Altiris eXpress NS Console Utilities ActiveX control in AeXNSConsoleUtilities.dll in the web console in Symantec Altiris Deployment Solution 6.9.x, Altiris ...
How severe is CVE-2009-3033?
CVE-2009-3033 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-3033?
Check the references section above for vendor advisories and patch information. Affected products include: Symantec Altiris Deployment Solution, Symantec Altiris Management Platform, Symantec Altiris Notification Server.