CVE-2009-3108

CWE-2643 documents3 sources
Severity
7.2HIGH
EPSS
0.0%
top 87.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Symantec Altiris Deployment Solution
Timeline
PublishedSep 8
Latest updateMay 2

Description

The Aclient GUI in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 installs a client executable with insecure permissions (Everyone:Full Control), which allows local users to gain privileges by replacing the executable with a Trojan horse program.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-gfq6-4prx-wrrm: The Aclient GUI in Symantec Altiris Deployment Solution 62022-05-02
CVEList
CVE-2009-3108: The Aclient GUI in Symantec Altiris Deployment Solution 62009-09-08
CVE-2009-3108 (HIGH CVSS 7.2) | The Aclient GUI in Symantec Altiris | cvebase.io