Symantec Altiris eXpress NS SC Download ActiveX control vulnerability

2009-09-22T00:00:00
ID SAINT:C26A802FA0AF719FBF98576ABC8B7A32
Type saint
Reporter SAINT Corporation
Modified 2009-09-22T00:00:00

Description

Added: 09/22/2009
BID: 36346
OSVDB: 57893

Background

The Altiris eXpress NS SC Download ActiveX control is installed with several products, including Altiris Deployment Solution.

Problem

The Altiris eXpress NS SC Download ActiveX control allows remote files to be downloaded, saved to arbitrary locations, and executed when a user loads a specially crafted web page.

Resolution

Apply the hotfix referenced in Altiris knowledge base article 49069.

References

http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090922_00

Limitations

Exploit works on Altiris Deployment Solution 6.9 and requires a user to open the exploit page in Internet Explorer 6 or 7.

Platforms

Windows XP