← Back

CVE-2009-3028

nvd nist
Published: Mar 7, 2011Modified: Apr 29, 2026

JSON object

Loading...
6.8
Vector
AV:N/AC:M/Au:N/C:P/I:P/A:P
Exploitability: 8.6 / Impact: 6.4
Source: NVD

Description

The Altiris eXpress NS SC Download ActiveX control in AeXNSPkgDLLib.dll, as used in Symantec Altiris Deployment Solution 6.9.x, Notification Server 6.0.x, and Symantec Management Platform 7.0.x exposes an unsafe method, which allows remote attackers to force the download of arbitrary files and possibly execute arbitrary code via the DownloadAndInstall method.

Affected (30)

Symantec
3 products
Altiris Deployment Solution
Altiris Notification Server
Management Platform
Configuration A
5 vulnerable
Vulnerable SoftwareAffected Versions
Symantec
Altiris Deployment Solution
Version 6.9
Altiris Deployment Solution
Version 6.9 sp1
Altiris Deployment Solution
Version 6.9 sp2
Altiris Deployment Solution
Version 6.9 sp3
Altiris Deployment Solution
Version 6.9 sp4
Configuration B
18 vulnerable
Vulnerable SoftwareAffected Versions
Symantec
Altiris Notification Server
Version 6.0
Altiris Notification Server
Version 6.0 sp1
Altiris Notification Server
Version 6.0 sp1_hf12
Altiris Notification Server
Version 6.0 sp2
Altiris Notification Server
Version 6.0 sp3
Altiris Notification Server
Version 6.0 sp3_r10
Altiris Notification Server
Version 6.0 sp3_r11
Altiris Notification Server
Version 6.0 sp3_r12
Altiris Notification Server
Version 6.0 sp3_r13
Altiris Notification Server
Version 6.0 sp3_r1
Altiris Notification Server
Version 6.0 sp3_r2
Altiris Notification Server
Version 6.0 sp3_r3
Altiris Notification Server
Version 6.0 sp3_r4
Altiris Notification Server
Version 6.0 sp3_r5
Altiris Notification Server
Version 6.0 sp3_r6
Altiris Notification Server
Version 6.0 sp3_r7
Altiris Notification Server
Version 6.0 sp3_r8
Altiris Notification Server
Version 6.0 sp3_r9
Configuration C
7 vulnerable
Vulnerable SoftwareAffected Versions
Symantec
Management Platform
Version 7.0
Management Platform
Version 7.0 rc5
Management Platform
Version 7.0 sp1
Management Platform
Version 7.0 sp2
Management Platform
Version 7.0 sp3
Management Platform
Version 7.0 sp4
Management Platform
Version 7.0 sp5

References (10)

Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Source: cve@mitre.org
Exploit
Source: cve@mitre.org
Patch
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.