CyberSec.Space Logo
CVEブラウザに戻る

CVE-2009-3031

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.1300%
EPSS Percentile20.12th
Published2009年11月3日
Last Modified2026年4月23日

Vulnerability Description

Stack-based buffer overflow in the BrowseAndSaveFile method in the Altiris eXpress NS ConsoleUtilities ActiveX control 6.0.0.1846 in AeXNSConsoleUtilities.dll in Symantec Altiris Notification Server (NS) 6.0 before R12, Deployment Server 6.8 and 6.9 in Symantec Altiris Deployment Solution 6.9 SP3, and Symantec Management Platform (SMP) 7.0 before SP3 allows remote attackers to execute arbitrary code via a long string in the second argument.

Affected Platforms (CPE)

📦
Symantec

Altiris Deployment Solution

= 6.9
📦
Symantec

Altiris Deployment Solution

= 6.9
📦
Symantec

Altiris Deployment Solution

= 6.9
📦
Symantec

Altiris Deployment Solution

= 6.9
📦
Symantec

Altiris Management Platform

= 7.0
📦
Symantec

Altiris Management Platform

= 7.0
📦
Symantec

Altiris Notification Server

= 6.0
📦
Symantec

Altiris Notification Server

= 6.0
📦
Symantec

Altiris Notification Server

= 6.0
📦
Symantec

Altiris Notification Server

= 6.0
📦
Symantec

Altiris Notification Server

= 6.0
📦
Symantec

Altiris Notification Server

= 7.0
📦
Symantec

Altiris Notification Server

= 7.0

References & Advisories

🔗 http://sotiriu.de/adv/NSOADV-2009-001.txt
🔗 http://www.securityfocus.com/archive/1/507625/100/0/threaded
🔗 http://www.securityfocus.com/bid/36698
🔗 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20091102_00
🔗 http://www.vupen.com/english/advisories/2009/3117
🔗 https://kb.altiris.com/article.asp?article=49389&p=1
🔗 https://kb.altiris.com/article.asp?article=49568&p=1
🔗 http://sotiriu.de/adv/NSOADV-2009-001.txt

関連する脆弱性情報

CVE-2012-029010.0

Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris...

CVE-2009-317910.0

Multiple unspecified vulnerabilities in Symantec Altiris Deployment Solution 6.9 might allow remote attackers to execute arbitrary...

CVE-2004-262210.0

AClient.exe in Altiris Deployment Solution 6.x and 5.x does not require authentication from the first Deployment Server that it co...

CVE-2009-31099.3

Unspecified vulnerability in the AClient agent in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430, when key-ba...