CVE-2008-6827

EPSS 1.56%
Published 08.06.2009 19:30:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

The ListView control in the Client GUI (AClient.exe) in Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 allows local users to gain SYSTEM privileges and execute arbitrary commands via a "Shatter" style attack on the "command prompt" hidden GUI button to (1) overwrite the CommandLine parameter to cmd.exe to use SYSTEM privileges and (2) modify the DLL that is loaded using the LoadLibrary API function.

Affected products Warnungen 0 Metrics 3 CWE 1 References 12

Data is provided by the National Vulnerability Database (NVD)

Symantec ≫ Altiris Deployment Solution Version >= 6.0 < 6.9.355

Symantec ≫ Altiris Deployment Solution Version6.9.355 Update-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.56%	0.797

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	3.1	10	AV:L/AC:L/Au:S/C:C/I:C/A:C

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

http://marc.info/?l=bugtraq&m=122460544316205&w=2

Mailing List

http://osvdb.org/49426

Broken Link

http://secunia.com/advisories/31773

Vendor Advisory

Broken Link

http://www.insomniasec.com/advisories/ISVA-081020.1.htm

Patch

Broken Link

http://www.securityfocus.com/bid/31766

Third Party Advisory