CVE-2009-3033

Buffer overflow in the RunCmd method in the Altiris eXpress NS Console Utilities ActiveX control in AeXNSConsoleUtilities.dll in the web console in Symantec Altiris Deployment Solution 6.9.x, Altiris Notification Server 6.0.x, and Management Platform 7.0.x allows remote attackers to execute arbitrary code via a long string in the second argument.

Published: Nov 25, 2009
Updated: Apr 13, 2023
CVE: CVE-2009-3033
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
symantec / altiris_notification_server	6.0_sp3	6.0_sp3.x
symantec / altiris_notification_server	6.0-sp3	6.0-sp3.x
symantec / altiris_management_platform	7.0	7.0.x
symantec / altiris_deployment_solution	6.9-sp2	6.9-sp2.x
symantec / altiris_deployment_solution	6.9	6.9.x
symantec / altiris_notification_server	6.0-sp3_r7	6.0-sp3_r7.x
symantec / altiris_deployment_solution	6.9-sp1	6.9-sp1.x
symantec / altiris_deployment_solution	6.9.164	6.9.164.x
symantec / altiris_notification_server	6.0-sp2	6.0-sp2.x
symantec / altiris_management_platform	7.0-sp1	7.0-sp1.x
symantec / altiris_deployment_solution	6.9.176	6.9.176.x
symantec / altiris_deployment_solution	6.9-sp3	6.9-sp3.x
symantec / altiris_deployment_solution	6.9.355-sp1	6.9.355-sp1.x
symantec / altiris_notification_server	6.0	6.0.x
symantec / altiris_notification_server	6.0-sp1	6.0-sp1.x
symantec / altiris_deployment_solution	6.9.355	6.9.355.x

Vulnerability Database

290,206

CVE-2009-3033