7.8

CVE-2008-6827

The ListView control in the Client GUI (AClient.exe) in Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 allows local users to gain SYSTEM privileges and execute arbitrary commands via a "Shatter" style attack on the "command prompt" hidden GUI button to (1) overwrite the CommandLine parameter to cmd.exe to use SYSTEM privileges and (2) modify the DLL that is loaded using the LoadLibrary API function.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SymantecAltiris Deployment Solution Version >= 6.0 < 6.9.355
SymantecAltiris Deployment Solution Version6.9.355 Update-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.08% 0.609
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 3.1 10
AV:L/AC:L/Au:S/C:C/I:C/A:C
CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

http://marc.info/?l=bugtraq&m=122460544316205&w=2
Mailing List
http://osvdb.org/49426
Broken Link
http://secunia.com/advisories/31773
Vendor Advisory
Broken Link
http://www.insomniasec.com/advisories/ISVA-081020.1.htm
Patch
Broken Link
http://www.securityfocus.com/bid/31766
Third Party Advisory
Broken Link
VDB Entry
http://www.securitytracker.com/id?1021071
Third Party Advisory
Broken Link
VDB Entry
http://www.symantec.com/avcenter/security/Content/2008.10.20a.html
Patch
Vendor Advisory
Broken Link
http://www.vupen.com/english/advisories/2008/2876
Patch
Vendor Advisory
Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/46006
Third Party Advisory
VDB Entry