CVE-2009-3033

2009-11-2516:30:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2009-3033

altiris

buffer overflow

runcmd method

symantec

aexnsconsoleutilities.dll

remote code execution

7.7 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.96 High

EPSS

Percentile

99.5%

JSON

Buffer overflow in the RunCmd method in the Altiris eXpress NS Console Utilities ActiveX control in AeXNSConsoleUtilities.dll in the web console in Symantec Altiris Deployment Solution 6.9.x, Altiris Notification Server 6.0.x, and Management Platform 7.0.x allows remote attackers to execute arbitrary code via a long string in the second argument.

CPENameOperatorVersion
symantec:altiris_notification_serversymantec altiris notification servereq6.0_sp3
symantec:altiris_notification_serversymantec altiris notification servereq6.0
symantec:altiris_management_platformsymantec altiris management platformeq7.0
symantec:altiris_deployment_solutionsymantec altiris deployment solutioneq6.9
symantec:altiris_deployment_solutionsymantec altiris deployment solutioneq6.9.164
symantec:altiris_deployment_solutionsymantec altiris deployment solutioneq6.9.176
symantec:altiris_deployment_solutionsymantec altiris deployment solutioneq6.9.355

CPE	Name	Operator	Version
symantec:altiris_notification_server	symantec altiris notification server	eq	6.0_sp3
symantec:altiris_notification_server	symantec altiris notification server	eq	6.0
symantec:altiris_management_platform	symantec altiris management platform	eq	7.0
symantec:altiris_deployment_solution	symantec altiris deployment solution	eq	6.9
symantec:altiris_deployment_solution	symantec altiris deployment solution	eq	6.9.164
symantec:altiris_deployment_solution	symantec altiris deployment solution	eq	6.9.176
symantec:altiris_deployment_solution	symantec altiris deployment solution	eq	6.9.355