CVE-2009-3028
Published Mar 7, 2011
Last updated 12 years ago
Overview
- Description
- The Altiris eXpress NS SC Download ActiveX control in AeXNSPkgDLLib.dll, as used in Symantec Altiris Deployment Solution 6.9.x, Notification Server 6.0.x, and Symantec Management Platform 7.0.x exposes an unsafe method, which allows remote attackers to force the download of arbitrary files and possibly execute arbitrary code via the DownloadAndInstall method.
- Source
- cve@mitre.org
- NVD status
- Modified
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 6.8
- Impact score
- 6.4
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F0002047-0965-4086-A5E6-AEC02200B6CF"
},
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9:sp1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EBD29C7F-B147-4CDE-8AC3-FCA6CA15C464"
},
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9:sp2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4DC0FB60-BF58-455B-B5D1-97EDF2D6D0E5"
},
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9:sp3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3ACB4D1D-08D2-424B-B4F6-13FCDF034833"
},
{
"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9:sp4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EE56560F-6F51-479E-B69F-3F750C8A2F31"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "68AF67FB-5FC8-4EAA-AF09-35D4740B967F"
},
{
"criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:sp1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0B096EB3-F1E7-4933-972A-0E142CA854A5"
},
{
"criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:sp1_hf12:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9FBCFF03-8C4F-4452-B841-36FEEB95E6F9"
},
{
"criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:sp2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0C13D2DE-7EA0-4963-BA60-5D01E037D954"
},
{
"criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8D085BB2-1012-4386-AEE9-31870673BF55"
},
{
"criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3_r1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "ADDD1F0C-3B7B-4D32-933A-A7D3E65B6049"
},
{
"criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3_r10:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "268EEE3E-B7D2-4739-80CB-64284A86CDA9"
},
{
"criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3_r11:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "00A3F84C-1C78-4AD9-9EFD-C3E8F0935224"
},
{
"criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3_r12:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "32BA7815-2572-496E-AC6E-4323813EEF96"
},
{
"criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3_r13:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7305D8F0-3928-434D-ADAE-788096731CDB"
},
{
"criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3_r2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4E4DF22A-2516-41F2-B89C-F2424A6C56A5"
},
{
"criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3_r3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "419553B5-49BC-4789-BD32-959CF479062E"
},
{
"criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3_r4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9CB72176-8471-443B-BF06-829A51CCF71E"
},
{
"criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3_r5:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4217C68A-2B6A-4C62-88F1-3D22C1BAE7F5"
},
{
"criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3_r6:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B1D0DA71-27E9-4AD8-8D73-2F311646E989"
},
{
"criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3_r7:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5E187D85-9F75-4749-9682-29F66D919E12"
},
{
"criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3_r8:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "548B4DF2-D7EC-4BE7-BA52-2BDEF5577F49"
},
{
"criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3_r9:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EC6B03D5-0E10-43CE-9B9A-4E232FF4FAEF"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:management_platform:7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3B04B5F5-B488-4F85-9CEB-739E8B99FC54"
},
{
"criteria": "cpe:2.3:a:symantec:management_platform:7.0:rc5:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F153884E-6C9B-4E33-9D01-804AD1FE99A3"
},
{
"criteria": "cpe:2.3:a:symantec:management_platform:7.0:sp1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "03C0AEC5-CB51-455B-A76B-F3F7D60F884A"
},
{
"criteria": "cpe:2.3:a:symantec:management_platform:7.0:sp2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D740F499-2924-4807-AACE-A60391F9EF52"
},
{
"criteria": "cpe:2.3:a:symantec:management_platform:7.0:sp3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9A6EB8C4-3D2B-4A78-A670-418B36F0F0EE"
},
{
"criteria": "cpe:2.3:a:symantec:management_platform:7.0:sp4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "25FDAAB9-F0E2-448A-B5E8-2E12EE3E2BBC"
},
{
"criteria": "cpe:2.3:a:symantec:management_platform:7.0:sp5:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F26C12D4-2DC0-4BE2-A4ED-B58EE433352A"
}
],
"operator": "OR"
}
]
}
]