6 matches found
CVE-2009-3033
CVE-2009-3033 describes a stack-based buffer overflow in the RunCmd method of AeXNSConsoleUtilities.dll (Altiris eXpress NS Console Utilities ActiveX control) used by Symantec Altiris Deployment Solution, Altiris Notification Server, and Symantec Management Platform. The vulnerability allows remo...
CVE-2009-3028
The CVE-2009-3028 entry concerns Symantec Altiris components (AeXNSPkgDLLib.dll) used in Altiris Deployment Solution 6.9.x, Notification Server 6.0.x, and Management Platform 7.0.x. The AeXNSPkgDL.1 ActiveX control exposes an unsafe method, DownloadAndInstall, which can be abused to force the dow...
CVE-2009-3031
The CVE-2009-3031 issue is a stack-based buffer overflow in the BrowseAndSaveFile() method of the AeXNSConsoleUtilities.dll (6.0.0.1846) ActiveX control used by Symantec Altiris Notification Server, Deployment Solution, and SMP . A long string in the second argument can lead to remote code execut...
CVE-2009-3035
Symantec Altiris Notification Server 6.0.x prior to SP3 R12 stores a static encryption key on the server to encrypt credentials used for discovery and SQL Server access. The hardcoded key can decrypt these credentials, enabling local users to obtain sensitive information and, if decrypted credent...
CVE-2008-2794
CVE-2008-2794 describes a local privilege escalation affecting the Symantec Altiris Notification Server Agent GUI. The vulnerability is tied to Altiris Notification Server Agent 6.x (before 6.0 SP3 R8) and allows local users to gain privileges via unspecified attack vectors. The connected sources...
CVE-2008-0716
The CVE-2008-0716 entry affects the Symantec Altiris Notification Server agent (AeXNSAgent) prior to version 6.0 SP3 R7. The vulnerability enables local privilege escalation via a "Shatter"-style attack, with an impact on confidentiality, integrity, and availability. NVD lists a base score of 6.8...