CVE-2008-6827

EPSS 1.56%
Veröffentlicht 08.06.2009 19:30:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

The ListView control in the Client GUI (AClient.exe) in Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 allows local users to gain SYSTEM privileges and execute arbitrary commands via a "Shatter" style attack on the "command prompt" hidden GUI button to (1) overwrite the CommandLine parameter to cmd.exe to use SYSTEM privileges and (2) modify the DLL that is loaded using the LoadLibrary API function.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 12

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Symantec ≫ Altiris Deployment Solution Version >= 6.0 < 6.9.355

Symantec ≫ Altiris Deployment Solution Version6.9.355 Update-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.56%	0.797

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	3.1	10	AV:L/AC:L/Au:S/C:C/I:C/A:C

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

http://marc.info/?l=bugtraq&m=122460544316205&w=2

Mailing List

http://osvdb.org/49426

Broken Link

http://secunia.com/advisories/31773

Vendor Advisory

Broken Link

http://www.insomniasec.com/advisories/ISVA-081020.1.htm

Patch

Broken Link

http://www.securityfocus.com/bid/31766

Third Party Advisory