Lucene search

MitreCVE-2008-6827

HistoryJun 08, 2009 - 7:30 p.m.

CVE-2008-6827

2009-06-0819:30:00

CWE-306

mitre

web.nvd.nist.gov

symantec

altiris

deployment solution

cve-2008-6827

exploit

vulnerability

privilege escalation

nvd

CVSS2

6.8

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.9

Confidence

High

EPSS

Percentile

5.2%

JSON

The ListView control in the Client GUI (AClient.exe) in Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 allows local users to gain SYSTEM privileges and execute arbitrary commands via a “Shatter” style attack on the “command prompt” hidden GUI button to (1) overwrite the CommandLine parameter to cmd.exe to use SYSTEM privileges and (2) modify the DLL that is loaded using the LoadLibrary API function.

Affected configurations

Nvd

Node

symantecaltiris_deployment_solutionRange6.0–6.9.355

symantecaltiris_deployment_solutionMatch6.9.355-

VendorProductVersionCPE
symantecaltiris_deployment_solution*cpe:2.3:a:symantec:altiris_deployment_solution:*:*:*:*:*:*:*:*
symantecaltiris_deployment_solution6.9.355cpe:2.3:a:symantec:altiris_deployment_solution:6.9.355:-:*:*:*:*:*:*

Vendor	Product	Version	CPE
symantec	altiris_deployment_solution	*	cpe:2.3:a:symantec:altiris_deployment_solution::::::::
symantec	altiris_deployment_solution	6.9.355	cpe:2.3:a:symantec:altiris_deployment_solution:6.9.355:-::::::

References

marc.info/?l=bugtraq&m=122460544316205&w=2

osvdb.org/49426

secunia.com/advisories/31773

www.insomniasec.com/advisories/ISVA-081020.1.htm

www.securityfocus.com/bid/31766

www.securitytracker.com/id?1021071

www.symantec.com/avcenter/security/Content/2008.10.20a.html

www.vupen.com/english/advisories/2008/2876

exchange.xforce.ibmcloud.com/vulnerabilities/46006

CVSS2

6.8

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.9

Confidence

High

EPSS

Percentile

5.2%

JSON

Related for CVE-2008-6827