Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2009-3028
HistoryMar 07, 2011 - 9:00 p.m.

CVE-2009-3028

2011-03-0721:00:01
[email protected]
web.nvd.nist.gov
5

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.5

Confidence

Low

EPSS

0.705

Percentile

98.1%

JSON

The Altiris eXpress NS SC Download ActiveX control in AeXNSPkgDLLib.dll, as used in Symantec Altiris Deployment Solution 6.9.x, Notification Server 6.0.x, and Symantec Management Platform 7.0.x exposes an unsafe method, which allows remote attackers to force the download of arbitrary files and possibly execute arbitrary code via the DownloadAndInstall method.

Affected configurations

Nvd
Node
symantecaltiris_deployment_solutionMatch6.9
OR
symantecaltiris_deployment_solutionMatch6.9sp1
OR
symantecaltiris_deployment_solutionMatch6.9sp2
OR
symantecaltiris_deployment_solutionMatch6.9sp3
OR
symantecaltiris_deployment_solutionMatch6.9sp4
Node
symantecaltiris_notification_serverMatch6.0
OR
symantecaltiris_notification_serverMatch6.0sp1
OR
symantecaltiris_notification_serverMatch6.0sp1_hf12
OR
symantecaltiris_notification_serverMatch6.0sp2
OR
symantecaltiris_notification_serverMatch6.0sp3
OR
symantecaltiris_notification_serverMatch6.0sp3_r1
OR
symantecaltiris_notification_serverMatch6.0sp3_r10
OR
symantecaltiris_notification_serverMatch6.0sp3_r11
OR
symantecaltiris_notification_serverMatch6.0sp3_r12
OR
symantecaltiris_notification_serverMatch6.0sp3_r13
OR
symantecaltiris_notification_serverMatch6.0sp3_r2
OR
symantecaltiris_notification_serverMatch6.0sp3_r3
OR
symantecaltiris_notification_serverMatch6.0sp3_r4
OR
symantecaltiris_notification_serverMatch6.0sp3_r5
OR
symantecaltiris_notification_serverMatch6.0sp3_r6
OR
symantecaltiris_notification_serverMatch6.0sp3_r7
OR
symantecaltiris_notification_serverMatch6.0sp3_r8
OR
symantecaltiris_notification_serverMatch6.0sp3_r9
Node
symantecmanagement_platformMatch7.0
OR
symantecmanagement_platformMatch7.0rc5
OR
symantecmanagement_platformMatch7.0sp1
OR
symantecmanagement_platformMatch7.0sp2
OR
symantecmanagement_platformMatch7.0sp3
OR
symantecmanagement_platformMatch7.0sp4
OR
symantecmanagement_platformMatch7.0sp5
VendorProductVersionCPE
symantecaltiris_deployment_solution6.9cpe:2.3:a:symantec:altiris_deployment_solution:6.9:*:*:*:*:*:*:*
symantecaltiris_deployment_solution6.9cpe:2.3:a:symantec:altiris_deployment_solution:6.9:sp1:*:*:*:*:*:*
symantecaltiris_deployment_solution6.9cpe:2.3:a:symantec:altiris_deployment_solution:6.9:sp2:*:*:*:*:*:*
symantecaltiris_deployment_solution6.9cpe:2.3:a:symantec:altiris_deployment_solution:6.9:sp3:*:*:*:*:*:*
symantecaltiris_deployment_solution6.9cpe:2.3:a:symantec:altiris_deployment_solution:6.9:sp4:*:*:*:*:*:*
symantecaltiris_notification_server6.0cpe:2.3:a:symantec:altiris_notification_server:6.0:*:*:*:*:*:*:*
symantecaltiris_notification_server6.0cpe:2.3:a:symantec:altiris_notification_server:6.0:sp1:*:*:*:*:*:*
symantecaltiris_notification_server6.0cpe:2.3:a:symantec:altiris_notification_server:6.0:sp1_hf12:*:*:*:*:*:*
symantecaltiris_notification_server6.0cpe:2.3:a:symantec:altiris_notification_server:6.0:sp2:*:*:*:*:*:*
symantecaltiris_notification_server6.0cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3:*:*:*:*:*:*
Rows per page:
1-10 of 301

Related

kaspersky 1
d2 1
packetstorm 1
exploitdb 1
nessus 1
symantec 1
cve 1
checkpoint_advisories 1
prion 1
cvelist 1
metasploit 1
kaspersky
kaspersky
KLA10058 WLF vulnerability in Altiris Notification Server
2011-03-07 00:00:00
d2
d2
DSquare Exploit Pack: D2SEC_ALTIRISNS
2011-03-07 21:00:00
packetstorm
packetstorm
Symantec Altiris Deployment Solution ActiveX Control Arbitrary File Download and Execute.
2009-11-26 00:00:00
exploitdb
exploitdb
Symantec Altiris Deployment Solution - ActiveX Control Arbitrary File Download and Execute (Metasploit)
2010-11-24 00:00:00
nessus
nessus
Altiris Altiris.AeXNSPkgDL.1 ActiveX Control DownloadAndInstall() Method Arbitrary Code Execution
2009-09-23 00:00:00
symantec
symantec
Symantec Altiris Deployment Solution and Notification Server Management Console FileDownload Vulnera
2009-09-22 08:00:00
cve
cve
CVE-2009-3028
2011-03-07 21:00:01
checkpoint_advisories
checkpoint_advisories
Symantec Altiris Deployment Solution ActiveX File Download (CVE-2009-3028)
2009-09-29 00:00:00
prion
prion
Design/Logic Flaw
2011-03-07 21:00:00
cvelist
cvelist
CVE-2009-3028
2011-03-07 20:00:00
metasploit
metasploit
Symantec Altiris Deployment Solution ActiveX Control Arbitrary File Download and Execute
2009-09-09 22:30:01

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.5

Confidence

Low

EPSS

0.705

Percentile

98.1%

JSON
Related for NVD:CVE-2009-3028
kaspersky1d21packetstorm1exploitdb1nessus1symantec1cve1checkpoint_advisories1prion1cvelist1metasploit1