CVE-2009-3031

2009-11-0316:30:10

CWE-119

[email protected]

web.nvd.nist.gov

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.8

Confidence

Low

EPSS

0.96

Percentile

99.5%

JSON

Stack-based buffer overflow in the BrowseAndSaveFile method in the Altiris eXpress NS ConsoleUtilities ActiveX control 6.0.0.1846 in AeXNSConsoleUtilities.dll in Symantec Altiris Notification Server (NS) 6.0 before R12, Deployment Server 6.8 and 6.9 in Symantec Altiris Deployment Solution 6.9 SP3, and Symantec Management Platform (SMP) 7.0 before SP3 allows remote attackers to execute arbitrary code via a long string in the second argument.

Affected configurations

Nvd

Node

symantecaltiris_deployment_solutionMatch6.9

symantecaltiris_deployment_solutionMatch6.9sp1

symantecaltiris_deployment_solutionMatch6.9sp2

symantecaltiris_deployment_solutionMatch6.9sp3

symantecaltiris_management_platformMatch7.0

symantecaltiris_management_platformMatch7.0sp1

symantecaltiris_notification_serverMatch6.0

symantecaltiris_notification_serverMatch6.0sp1

symantecaltiris_notification_serverMatch6.0sp2

symantecaltiris_notification_serverMatch6.0sp3

symantecaltiris_notification_serverMatch6.0sp3_r7

symantecaltiris_notification_serverMatch7.0

symantecaltiris_notification_serverMatch7.0sp3

VendorProductVersionCPE
symantecaltiris_deployment_solution6.9cpe:2.3:a:symantec:altiris_deployment_solution:6.9:*:*:*:*:*:*:*
symantecaltiris_deployment_solution6.9cpe:2.3:a:symantec:altiris_deployment_solution:6.9:sp1:*:*:*:*:*:*
symantecaltiris_deployment_solution6.9cpe:2.3:a:symantec:altiris_deployment_solution:6.9:sp2:*:*:*:*:*:*
symantecaltiris_deployment_solution6.9cpe:2.3:a:symantec:altiris_deployment_solution:6.9:sp3:*:*:*:*:*:*
symantecaltiris_management_platform7.0cpe:2.3:a:symantec:altiris_management_platform:7.0:*:*:*:*:*:*:*
symantecaltiris_management_platform7.0cpe:2.3:a:symantec:altiris_management_platform:7.0:sp1:*:*:*:*:*:*
symantecaltiris_notification_server6.0cpe:2.3:a:symantec:altiris_notification_server:6.0:*:*:*:*:*:*:*
symantecaltiris_notification_server6.0cpe:2.3:a:symantec:altiris_notification_server:6.0:*:sp1:*:*:*:*:*
symantecaltiris_notification_server6.0cpe:2.3:a:symantec:altiris_notification_server:6.0:sp2:*:*:*:*:*:*
symantecaltiris_notification_server6.0cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3:*:*:*:*:*:*

Vendor	Product	Version	CPE
symantec	altiris_deployment_solution	6.9	cpe:2.3:a:symantec:altiris_deployment_solution:6.9:::::::*
symantec	altiris_deployment_solution	6.9	cpe:2.3:a:symantec:altiris_deployment_solution:6.9:sp1::::::
symantec	altiris_deployment_solution	6.9	cpe:2.3:a:symantec:altiris_deployment_solution:6.9:sp2::::::
symantec	altiris_deployment_solution	6.9	cpe:2.3:a:symantec:altiris_deployment_solution:6.9:sp3::::::
symantec	altiris_management_platform	7.0	cpe:2.3:a:symantec:altiris_management_platform:7.0:::::::*
symantec	altiris_management_platform	7.0	cpe:2.3:a:symantec:altiris_management_platform:7.0:sp1::::::
symantec	altiris_notification_server	6.0	cpe:2.3:a:symantec:altiris_notification_server:6.0:::::::*
symantec	altiris_notification_server	6.0	cpe:2.3:a:symantec:altiris_notification_server:6.0::sp1:::::
symantec	altiris_notification_server	6.0	cpe:2.3:a:symantec:altiris_notification_server:6.0:sp2::::::
symantec	altiris_notification_server	6.0	cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3::::::