9.3

CVE-2009-3031

Exploit
Stack-based buffer overflow in the BrowseAndSaveFile method in the Altiris eXpress NS ConsoleUtilities ActiveX control 6.0.0.1846 in AeXNSConsoleUtilities.dll in Symantec Altiris Notification Server (NS) 6.0 before R12, Deployment Server 6.8 and 6.9 in Symantec Altiris Deployment Solution 6.9 SP3, and Symantec Management Platform (SMP) 7.0 before SP3 allows remote attackers to execute arbitrary code via a long string in the second argument.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SymantecAltiris Deployment Solution Version6.9 Updatesp1
SymantecAltiris Deployment Solution Version6.9 Updatesp2
SymantecAltiris Deployment Solution Version6.9 Updatesp3
SymantecAltiris Management Platform Version7.0 Updatesp1
SymantecAltiris Notification Server Version6.0 Editionsp1
SymantecAltiris Notification Server Version6.0 Updatesp2
SymantecAltiris Notification Server Version6.0 Updatesp3
SymantecAltiris Notification Server Version6.0 Updatesp3_r7
SymantecAltiris Notification Server Version7.0 Updatesp3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 45.44% 0.986
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://sotiriu.de/adv/NSOADV-2009-001.txt
Exploit
http://www.securityfocus.com/archive/1/507625/100/0/threaded
http://www.securityfocus.com/bid/36698
Patch
Exploit
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20091102_00
http://www.vupen.com/english/advisories/2009/3117
Patch
Vendor Advisory
https://kb.altiris.com/article.asp?article=49389&p=1
Vendor Advisory
https://kb.altiris.com/article.asp?article=49568&p=1
Vendor Advisory