CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
99.6%
Added: 11/27/2009
CVE: CVE-2009-3033
BID: 37092
OSVDB: 60496
Symantec Altiris Deployment Solution provides tools to deploy software on desktops and servers.
A buffer overflow vulnerability in the AeXNSConsoleUtilities ActiveX control allows command execution when a user loads a web page which calls the RunCmd method with specially crafted arguments.
Apply the update as described in SYM09-016.
<http://secunia.com/advisories/37462/>
Exploit works on Symantec Altiris Deployment Solution 6.9 SP3 and requires a user to load the exploit page in Internet Explorer 6 or 7.
Windows