{ "id": "CVE-2009-3028", "sourceIdentifier": "cve@mitre.org", "published": "2011-03-07T21:00:01.110", "lastModified": "2024-11-21T01:06:20.790", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Altiris eXpress NS SC Download ActiveX control in AeXNSPkgDLLib.dll, as used in Symantec Altiris Deployment Solution 6.9.x, Notification Server 6.0.x, and Symantec Management Platform 7.0.x exposes an unsafe method, which allows remote attackers to force the download of arbitrary files and possibly execute arbitrary code via the DownloadAndInstall method." }, { "lang": "es", "value": "En Altiris eXpress NS SC la descarga del control ActiveX en AeXNSPkgDLLib.dll, como en Symantec Altiris Deployment Solution v6.9.x, Notification Server v6.0.x, y Symantec Management Platform v7.0.x expone un m\u00e9todo inseguro, que permite a atacantes remotos forzar la descarga de archivos arbitrarios y, posiblemente, ejecutar c\u00f3digo arbitrario a trav\u00e9s del m\u00e9todo DownloadAndInstall." } ], "metrics": { "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "baseScore": 6.8, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL" }, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.6, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9:*:*:*:*:*:*:*", "matchCriteriaId": "F0002047-0965-4086-A5E6-AEC02200B6CF" }, { "vulnerable": true, "criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9:sp1:*:*:*:*:*:*", "matchCriteriaId": "EBD29C7F-B147-4CDE-8AC3-FCA6CA15C464" }, { "vulnerable": true, "criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9:sp2:*:*:*:*:*:*", "matchCriteriaId": "4DC0FB60-BF58-455B-B5D1-97EDF2D6D0E5" }, { "vulnerable": true, "criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9:sp3:*:*:*:*:*:*", "matchCriteriaId": "3ACB4D1D-08D2-424B-B4F6-13FCDF034833" }, { "vulnerable": true, "criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9:sp4:*:*:*:*:*:*", "matchCriteriaId": "EE56560F-6F51-479E-B69F-3F750C8A2F31" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "68AF67FB-5FC8-4EAA-AF09-35D4740B967F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "0B096EB3-F1E7-4933-972A-0E142CA854A5" }, { "vulnerable": true, "criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:sp1_hf12:*:*:*:*:*:*", "matchCriteriaId": "9FBCFF03-8C4F-4452-B841-36FEEB95E6F9" }, { "vulnerable": true, "criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "0C13D2DE-7EA0-4963-BA60-5D01E037D954" }, { "vulnerable": true, "criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3:*:*:*:*:*:*", "matchCriteriaId": "8D085BB2-1012-4386-AEE9-31870673BF55" }, { "vulnerable": true, "criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3_r1:*:*:*:*:*:*", "matchCriteriaId": "ADDD1F0C-3B7B-4D32-933A-A7D3E65B6049" }, { "vulnerable": true, "criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3_r10:*:*:*:*:*:*", "matchCriteriaId": "268EEE3E-B7D2-4739-80CB-64284A86CDA9" }, { "vulnerable": true, "criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3_r11:*:*:*:*:*:*", "matchCriteriaId": "00A3F84C-1C78-4AD9-9EFD-C3E8F0935224" }, { "vulnerable": true, "criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3_r12:*:*:*:*:*:*", "matchCriteriaId": "32BA7815-2572-496E-AC6E-4323813EEF96" }, { "vulnerable": true, "criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3_r13:*:*:*:*:*:*", "matchCriteriaId": "7305D8F0-3928-434D-ADAE-788096731CDB" }, { "vulnerable": true, "criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3_r2:*:*:*:*:*:*", "matchCriteriaId": "4E4DF22A-2516-41F2-B89C-F2424A6C56A5" }, { "vulnerable": true, "criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3_r3:*:*:*:*:*:*", "matchCriteriaId": "419553B5-49BC-4789-BD32-959CF479062E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3_r4:*:*:*:*:*:*", "matchCriteriaId": "9CB72176-8471-443B-BF06-829A51CCF71E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3_r5:*:*:*:*:*:*", "matchCriteriaId": "4217C68A-2B6A-4C62-88F1-3D22C1BAE7F5" }, { "vulnerable": true, "criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3_r6:*:*:*:*:*:*", "matchCriteriaId": "B1D0DA71-27E9-4AD8-8D73-2F311646E989" }, { "vulnerable": true, "criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3_r7:*:*:*:*:*:*", "matchCriteriaId": "5E187D85-9F75-4749-9682-29F66D919E12" }, { "vulnerable": true, "criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3_r8:*:*:*:*:*:*", "matchCriteriaId": "548B4DF2-D7EC-4BE7-BA52-2BDEF5577F49" }, { "vulnerable": true, "criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3_r9:*:*:*:*:*:*", "matchCriteriaId": "EC6B03D5-0E10-43CE-9B9A-4E232FF4FAEF" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:symantec:management_platform:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "3B04B5F5-B488-4F85-9CEB-739E8B99FC54" }, { "vulnerable": true, "criteria": "cpe:2.3:a:symantec:management_platform:7.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "F153884E-6C9B-4E33-9D01-804AD1FE99A3" }, { "vulnerable": true, "criteria": "cpe:2.3:a:symantec:management_platform:7.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "03C0AEC5-CB51-455B-A76B-F3F7D60F884A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:symantec:management_platform:7.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "D740F499-2924-4807-AACE-A60391F9EF52" }, { "vulnerable": true, "criteria": "cpe:2.3:a:symantec:management_platform:7.0:sp3:*:*:*:*:*:*", "matchCriteriaId": "9A6EB8C4-3D2B-4A78-A670-418B36F0F0EE" }, { "vulnerable": true, "criteria": "cpe:2.3:a:symantec:management_platform:7.0:sp4:*:*:*:*:*:*", "matchCriteriaId": "25FDAAB9-F0E2-448A-B5E8-2E12EE3E2BBC" }, { "vulnerable": true, "criteria": "cpe:2.3:a:symantec:management_platform:7.0:sp5:*:*:*:*:*:*", "matchCriteriaId": "F26C12D4-2DC0-4BE2-A4ED-B58EE433352A" } ] } ] } ], "references": [ { "url": "http://secunia.com/advisories/36679", "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ] }, { "url": "http://www.osvdb.org/57893", "source": "cve@mitre.org" }, { "url": "http://www.securityfocus.com/bid/36346", "source": "cve@mitre.org", "tags": [ "Exploit" ] }, { "url": "http://www.symantec.com/business/support/index?page=content&id=TECH44885", "source": "cve@mitre.org", "tags": [ "Patch" ] }, { "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090922_00", "source": "cve@mitre.org" }, { "url": "http://secunia.com/advisories/36679", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ] }, { "url": "http://www.osvdb.org/57893", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.securityfocus.com/bid/36346", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ] }, { "url": "http://www.symantec.com/business/support/index?page=content&id=TECH44885", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ] }, { "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090922_00", "source": "af854a3a-2127-422b-91ae-364da2661108" } ] }