CVE-2009-3031

Published: Nov 3, 2009Modified: Apr 23, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

Stack-based buffer overflow in the BrowseAndSaveFile method in the Altiris eXpress NS ConsoleUtilities ActiveX control 6.0.0.1846 in AeXNSConsoleUtilities.dll in Symantec Altiris Notification Server (NS) 6.0 before R12, Deployment Server 6.8 and 6.9 in Symantec Altiris Deployment Solution 6.9 SP3, and Symantec Management Platform (SMP) 7.0 before SP3 allows remote attackers to execute arbitrary code via a long string in the second argument.

Affected (13)

Products: Symantec: Altiris Deployment Solution, Altiris Management Platform, Altiris Notification Server

3 products

Altiris Deployment Solution

Altiris Management Platform

Altiris Notification Server

Configuration A

13 vulnerable

Vulnerable Software	Affected Versions
Symantec Altiris Deployment Solution	Version 6.9
Symantec Altiris Deployment Solution	Version 6.9 sp1
Symantec Altiris Deployment Solution	Version 6.9 sp2
Symantec Altiris Deployment Solution	Version 6.9 sp3
Symantec Altiris Management Platform	Version 7.0
Symantec Altiris Management Platform	Version 7.0 sp1
Symantec Altiris Notification Server	Version 6.0
Symantec Altiris Notification Server	Version 6.0
Symantec Altiris Notification Server	Version 6.0 sp2
Symantec Altiris Notification Server	Version 6.0 sp3
Symantec Altiris Notification Server	Version 6.0 sp3_r7
Symantec Altiris Notification Server	Version 7.0
Symantec Altiris Notification Server	Version 7.0 sp3

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (14)

http://sotiriu.de/adv/NSOADV-2009-001.txt

Source: cve@mitre.org

Exploit

http://www.securityfocus.com/archive/1/507625/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/36698

Source: cve@mitre.org

ExploitPatch

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20091102_00

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2009/3117

Source: cve@mitre.org

PatchVendor Advisory

https://kb.altiris.com/article.asp?article=49389&p=1

Source: cve@mitre.org

Vendor Advisory

https://kb.altiris.com/article.asp?article=49568&p=1

Source: cve@mitre.org

Vendor Advisory

http://sotiriu.de/adv/NSOADV-2009-001.txt

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.securityfocus.com/archive/1/507625/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/36698

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatch

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20091102_00

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2009/3117

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://kb.altiris.com/article.asp?article=49389&p=1

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://kb.altiris.com/article.asp?article=49568&p=1

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.