24 matches found
CVE-2008-4564
A stack-based buffer overflow in Autonomy KeyView SDK wp6sr.dll (WordPerfect document parser) allows remote code execution. The CVE-2008-4564 issue affects IBM Lotus Notes (and other products using KeyView), caused by unbounded copying of records into a fixed-size stack buffer when processing WPD...
CVE-2009-3033
CVE-2009-3033 describes a stack-based buffer overflow in the RunCmd method of AeXNSConsoleUtilities.dll (Altiris eXpress NS Console Utilities ActiveX control) used by Symantec Altiris Deployment Solution, Altiris Notification Server, and Symantec Management Platform. The vulnerability allows remo...
CVE-2009-3028
The CVE-2009-3028 entry concerns Symantec Altiris components (AeXNSPkgDLLib.dll) used in Altiris Deployment Solution 6.9.x, Notification Server 6.0.x, and Management Platform 7.0.x. The AeXNSPkgDL.1 ActiveX control exposes an unsafe method, DownloadAndInstall, which can be abused to force the dow...
CVE-2009-3109
CVE-2009-3109 affects Symantec Altiris Deployment Solution 6.9.x prior to 6.9 SP3 Build 430. The AClient agent, when key-based authentication is used, can be bypassed by spoofing the deployment server and issuing alternate commands before the handshake, allowing arbitrary commands to be executed ...
CVE-2009-3031
The CVE-2009-3031 issue is a stack-based buffer overflow in the BrowseAndSaveFile() method of the AeXNSConsoleUtilities.dll (6.0.0.1846) ActiveX control used by Symantec Altiris Notification Server, Deployment Solution, and SMP . A long string in the second argument can lead to remote code execut...
CVE-2009-3108
CVE-2009-3108 affects Symantec Altiris Deployment Solution 6.9.x prior to 6.9 SP3 Build 430. The Aclient GUI is installed with insecure permissions (Everyone: Full Control), enabling local users to escalate privileges by replacing the client executable with a Trojan horse. Impact is local privile...
CVE-2009-3178
Technical details about CVE-2009-3178 are not publicly available in the provided documents. The materials only reference an unspecified DoS claim for Symantec Altiris Deployment Solution 6.9; monitor for updates.
CVE-2008-2286
CVE-2008-2286 describes an SQL injection in Symantec Altiris Deployment Solution (DS) via axengine.exe, affecting 6.8.x and 6.9.x before 6.9.176. The vulnerability allows remote execution of arbitrary SQL commands through crafted notification packets (Port 402/tcp), with network access and no aut...
CVE-2007-4380
CVE-2007-4380 affects Symantec Altiris Deployment Solution 6.x prior to 6.8 SP2 (build 6.8.378) where the Aclient Log File Viewer enables local users to gain SYSTEM privileges. The vulnerability is described as a local privilege escalation via the Log File Viewer in the Altiris client (aclient). ...
CVE-2007-5838
CVE-2007-5838 affects Symantec Altiris Deployment Solution 6.x prior to 6.8.380.0. A local privilege escalation is possible because a local user can gain SYSTEM privileges via the browser option “Enable key-based authentication to Deployment server.” The description notes this is a different issu...
CVE-2009-3107
Symantec Altiris Deployment Solution 6.9.x prior to 6.9 SP3 Build 430 is affected by CVE-2009-3107 due to improper access restriction on the DBManager service port. This allows remote attackers to bypass authentication and modify tasks or the Altiris Database via a connection to the DBManager. Mu...
CVE-2008-2291
Symantec Altiris Deployment Solution 6.8.x and 6.9.x prior to 6.9.176 are affected by CVE-2008-2291 due to an insecure credential mechanism in axengine.exe. The service, listening on TCP port 402, generates domain credentials with a fixed salt or no salt at all, enabling remote attackers to guess...
CVE-2008-6827
Affected software: Symantec Altiris Deployment Solution (Client GUI) with AClient.exe in 6.x before 6.9.355 SP1. Vulnerability: A local privilege escalation via the ListView control’s hidden GUI button (the “Shatter” style attack) allows overwriting the CommandLine parameter to cmd.exe to gain SY...
CVE-2009-3110
CVE-2009-3110 affects Symantec Altiris Deployment Solution 6.9.x prior to 6.9 SP3 Build 430. A race condition in the file transfer functionality allows a remote attacker to intercept file transfers by connecting to the transfer port before the legitimate client, potentially reading sensitive file...
CVE-2009-3179
Technical details are not publicly available in the provided documents; monitor for updates.
CVE-2008-1473
The CVE affects the Altiris Client Service (AClient.exe) in Symantec Altiris Deployment Solution 6.8.x before 6.9.164, allowing local users to gain privileges via a Shatter-style attack. Root cause is a privilege-escalation path in AClient.exe; impact is local privilege elevation. Mitigation: upg...
CVE-2008-6828
CVE-2008-6828 affects Symantec Altiris Deployment Solution (6.x) prior to 6.9.355 SP1. Affected component: Application Identity Account handling; root cause: the Application Identity Account password is stored in memory in cleartext, enabling a local attacker to glean credentials and gain privile...
CVE-2008-1754
The CVE-2008-1754 issue affects Symantec Altiris Deployment Solution before 6.9.164, where the Deployment Solution Agent (AClient) password is stored in cleartext in memory. This allows a local attacker to obtain sensitive credentials by dumping the aclient.exe process memory, leading to potentia...
CVE-2008-2287
Affected product: Symantec Altiris Deployment Solution 6.8.x and 6.9.x prior to 6.9.176. Issue: insufficient protection of the install directory may allow a local user to gain privileges by replacing an application component with a Trojan horse. Documented impact: local privilege escalation with ...
CVE-2008-2289
The CVE-2008-2289 entry concerns Symantec Altiris Deployment Solution 6.8.x and 6.9.x prior to 6.9.176. A vulnerability in a tooltip element enables local users to gain privileges via unspecified attack vectors. Connected documents corroborate the issue as part of multiple local vulnerabilities a...
CVE-2008-2290
CVE-2008-2290 affects Symantec Altiris Deployment Solution Agent in 6.8.x and 6.9.x prior to 6.9.176. It is described as an unspecified local privilege escalation via the Agent user interface, with a CVSS v2 base score of 7.2 (LOCAL attack vector, HIGH impact). Public references note multiple loc...
CVE-2010-0109
CVE-2010-0109 affects Symantec/Altiris Deployment Solution 6.9.x prior to DS 6.9 SP4. The DBManager component can crash via a crafted CreateSession or PXEManagerSignOn request, yielding a remote DoS. Exploitation potential is described as remote and network-adjacent, with impact on availability (...
CVE-2007-5555
Technical details for CVE-2007-5555 are not publicly available in the provided documents; no affected products, root cause, impact or fix are disclosed. Monitor for updates.
CVE-2008-2288
Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 has insufficient access control for deletion and modification of registry keys, enabling local users to cause a denial of service or obtain sensitive information. This CVE (CVE-2008-2288) is documented in NVD and related Nessus e...