7.8
CVE-2008-6827
- EPSS 1.08%
- Veröffentlicht 08.06.2009 19:30:00
- Zuletzt bearbeitet 16.06.2026 23:03:03
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The ListView control in the Client GUI (AClient.exe) in Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 allows local users to gain SYSTEM privileges and execute arbitrary commands via a "Shatter" style attack on the "command prompt" hidden GUI button to (1) overwrite the CommandLine parameter to cmd.exe to use SYSTEM privileges and (2) modify the DLL that is loaded using the LoadLibrary API function.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Symantec ≫ Altiris Deployment Solution Version >= 6.0 < 6.9.355
Symantec ≫ Altiris Deployment Solution Version6.9.355 Update-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.08% | 0.609 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.8 | 3.1 | 10 |
AV:L/AC:L/Au:S/C:C/I:C/A:C
|
CWE-306 Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
http://marc.info/?l=bugtraq&m=122460544316205&w=2
http://osvdb.org/49426
http://secunia.com/advisories/31773
http://www.insomniasec.com/advisories/ISVA-081020.1.htm
http://www.securityfocus.com/bid/31766
http://www.securitytracker.com/id?1021071
http://www.symantec.com/avcenter/security/Content/2008.10.20a.html
http://www.vupen.com/english/advisories/2008/2876
https://exchange.xforce.ibmcloud.com/vulnerabilities/46006