Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-3033

CWE-119 — Buffer Overflow4 documents4 sources

Severity

9.3CRITICAL

EPSS

72.5%

top 1.23%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Symantec Altiris Deployment Solution Symantec Altiris Management Platform Symantec Altiris Notification Server

Timeline

PublishedNov 25

Latest updateMay 2

Description

Buffer overflow in the RunCmd method in the Altiris eXpress NS Console Utilities ActiveX control in AeXNSConsoleUtilities.dll in the web console in Symantec Altiris Deployment Solution 6.9.x, Altiris Notification Server 6.0.x, and Management Platform 7.0.x allows remote attackers to execute arbitrary code via a long string in the second argument.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

▶NVDsymantec/altiris_deployment_solution4 versions+3

▶NVDsymantec/altiris_management_platform7.0

▶NVDsymantec/altiris_notification_server6.0, 6.0_sp3+1

Patches

Patch: www.securityfocus.com ↗Patch: kb.altiris.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-2rq6-m3fr-ffm2: Buffer overflow in the RunCmd method in the Altiris eXpress NS Console Utilities ActiveX control in AeXNSConsoleUtilities↗2022-05-02

▶

CVEList

CVE-2009-3033: Buffer overflow in the RunCmd method in the Altiris eXpress NS Console Utilities ActiveX control in AeXNSConsoleUtilities↗2009-11-25

▶

💥Exploits & PoCs

Exploit-DB

Symantec Altiris Deployment Solution - ActiveX Control Buffer Overflow (Metasploit)↗2010-05-09

▶