7.2
CVE-2009-3108
- EPSS 0.38%
- Veröffentlicht 08.09.2009 23:30:00
- Zuletzt bearbeitet 16.06.2026 23:10:57
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The Aclient GUI in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 installs a client executable with insecure permissions (Everyone:Full Control), which allows local users to gain privileges by replacing the executable with a Trojan horse program.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Symantec ≫ Altiris Deployment Solution Version6.9
Symantec ≫ Altiris Deployment Solution Version6.9 Updatesp1
Symantec ≫ Altiris Deployment Solution Version6.9.164
Symantec ≫ Altiris Deployment Solution Version6.9.176
Symantec ≫ Altiris Deployment Solution Version6.9.355
Symantec ≫ Altiris Deployment Solution Version6.9.355 Updatesp1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.38% | 0.291 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.2 | 3.9 | 10 |
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
http://secunia.com/advisories/36502
http://www.securitytracker.com/id?1022779
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090826_00
http://www.securityfocus.com/bid/36111