6.8

CVE-2009-3028

Exploit

EPSS 72.03%
Published 07.03.2011 21:00:01
Last modified 11.04.2025 00:51:21
Source cve@mitre.org
Teams watchlist Login
Open Login

The Altiris eXpress NS SC Download ActiveX control in AeXNSPkgDLLib.dll, as used in Symantec Altiris Deployment Solution 6.9.x, Notification Server 6.0.x, and Symantec Management Platform 7.0.x exposes an unsafe method, which allows remote attackers to force the download of arbitrary files and possibly execute arbitrary code via the DownloadAndInstall method.

Affected products Warnungen 0 Metrics 2 CWE 0 References 8

Data is provided by the National Vulnerability Database (NVD)

Symantec ≫ Altiris Deployment Solution Version6.9

Symantec ≫ Altiris Deployment Solution Version6.9 Updatesp1

Symantec ≫ Altiris Deployment Solution Version6.9 Updatesp2

Symantec ≫ Altiris Deployment Solution Version6.9 Updatesp3

Symantec ≫ Altiris Deployment Solution Version6.9 Updatesp4

Symantec ≫ Altiris Notification Server Version6.0

Symantec ≫ Altiris Notification Server Version6.0 Updatesp1

Symantec ≫ Altiris Notification Server Version6.0 Updatesp1_hf12

Symantec ≫ Altiris Notification Server Version6.0 Updatesp2

Symantec ≫ Altiris Notification Server Version6.0 Updatesp3

Symantec ≫ Altiris Notification Server Version6.0 Updatesp3_r1

Symantec ≫ Altiris Notification Server Version6.0 Updatesp3_r10

Symantec ≫ Altiris Notification Server Version6.0 Updatesp3_r11

Symantec ≫ Altiris Notification Server Version6.0 Updatesp3_r12

Symantec ≫ Altiris Notification Server Version6.0 Updatesp3_r13

Symantec ≫ Altiris Notification Server Version6.0 Updatesp3_r2

Symantec ≫ Altiris Notification Server Version6.0 Updatesp3_r3

Symantec ≫ Altiris Notification Server Version6.0 Updatesp3_r4

Symantec ≫ Altiris Notification Server Version6.0 Updatesp3_r5

Symantec ≫ Altiris Notification Server Version6.0 Updatesp3_r6

Symantec ≫ Altiris Notification Server Version6.0 Updatesp3_r7

Symantec ≫ Altiris Notification Server Version6.0 Updatesp3_r8

Symantec ≫ Altiris Notification Server Version6.0 Updatesp3_r9

Symantec ≫ Management Platform Version7.0

Symantec ≫ Management Platform Version7.0 Updaterc5

Symantec ≫ Management Platform Version7.0 Updatesp1

Symantec ≫ Management Platform Version7.0 Updatesp2

Symantec ≫ Management Platform Version7.0 Updatesp3

Symantec ≫ Management Platform Version7.0 Updatesp4

Symantec ≫ Management Platform Version7.0 Updatesp5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	72.03%	0.986

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

http://secunia.com/advisories/36679

Vendor Advisory

http://www.osvdb.org/57893

http://www.securityfocus.com/bid/36346

Exploit

http://www.symantec.com/business/support/index?page=content&id=TECH44885

Patch

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090922_00

https://nvd.nist.gov/vuln/detail/CVE-2009-3028

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-3028

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-3028

EUVD