CyberSec.Space Logo
Back to CVE Browser

CVE-2009-3031

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.1300%
EPSS Percentile20.12th
PublishedNov 3, 2009
Last ModifiedApr 23, 2026

Vulnerability Description

Stack-based buffer overflow in the BrowseAndSaveFile method in the Altiris eXpress NS ConsoleUtilities ActiveX control 6.0.0.1846 in AeXNSConsoleUtilities.dll in Symantec Altiris Notification Server (NS) 6.0 before R12, Deployment Server 6.8 and 6.9 in Symantec Altiris Deployment Solution 6.9 SP3, and Symantec Management Platform (SMP) 7.0 before SP3 allows remote attackers to execute arbitrary code via a long string in the second argument.

Affected Platforms (CPE)

πŸ“¦
Symantec

Altiris Deployment Solution

= 6.9
πŸ“¦
Symantec

Altiris Deployment Solution

= 6.9
πŸ“¦
Symantec

Altiris Deployment Solution

= 6.9
πŸ“¦
Symantec

Altiris Deployment Solution

= 6.9
πŸ“¦
Symantec

Altiris Management Platform

= 7.0
πŸ“¦
Symantec

Altiris Management Platform

= 7.0
πŸ“¦
Symantec

Altiris Notification Server

= 6.0
πŸ“¦
Symantec

Altiris Notification Server

= 6.0
πŸ“¦
Symantec

Altiris Notification Server

= 6.0
πŸ“¦
Symantec

Altiris Notification Server

= 6.0
πŸ“¦
Symantec

Altiris Notification Server

= 6.0
πŸ“¦
Symantec

Altiris Notification Server

= 7.0
πŸ“¦
Symantec

Altiris Notification Server

= 7.0

References & Advisories

πŸ”— http://sotiriu.de/adv/NSOADV-2009-001.txt
πŸ”— http://www.securityfocus.com/archive/1/507625/100/0/threaded
πŸ”— http://www.securityfocus.com/bid/36698
πŸ”— http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20091102_00
πŸ”— http://www.vupen.com/english/advisories/2009/3117
πŸ”— https://kb.altiris.com/article.asp?article=49389&p=1
πŸ”— https://kb.altiris.com/article.asp?article=49568&p=1
πŸ”— http://sotiriu.de/adv/NSOADV-2009-001.txt

Related Vulnerabilities

CVE-2012-029010.0

Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris...

CVE-2009-317910.0

Multiple unspecified vulnerabilities in Symantec Altiris Deployment Solution 6.9 might allow remote attackers to execute arbitrary...

CVE-2004-262210.0

AClient.exe in Altiris Deployment Solution 6.x and 5.x does not require authentication from the first Deployment Server that it co...

CVE-2009-31099.3

Unspecified vulnerability in the AClient agent in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430, when key-ba...