CVE-2009-3033

Buffer overflow in the RunCmd method in the Altiris eXpress NS Console Utilities ActiveX control in AeXNSConsoleUtilities.dll in the web console in Symantec Altiris Deployment Solution 6.9.x, Altiris Notification Server 6.0.x, and Management Platform 7.0.x allows remote attackers to execute arbitrary code via a long string in the second argument.

Published: Nov 25, 2009
Updated: Nov 9, 2025
CVE: CVE-2009-3033
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
symantec / altiris_notification_server	6.0_sp3	6.0_sp3.x
symantec / altiris_notification_server	6.0-sp3	6.0-sp3.x
symantec / altiris_management_platform	7.0	7.0.x
symantec / altiris_deployment_solution	6.9-sp2	6.9-sp2.x
symantec / altiris_deployment_solution	6.9	6.9.x
symantec / altiris_notification_server	6.0-sp3_r7	6.0-sp3_r7.x
symantec / altiris_deployment_solution	6.9-sp1	6.9-sp1.x
symantec / altiris_deployment_solution	6.9.164	6.9.164.x
symantec / altiris_notification_server	6.0-sp2	6.0-sp2.x
symantec / altiris_management_platform	7.0-sp1	7.0-sp1.x
symantec / altiris_deployment_solution	6.9.176	6.9.176.x
symantec / altiris_deployment_solution	6.9-sp3	6.9-sp3.x
symantec / altiris_deployment_solution	6.9.355-sp1	6.9.355-sp1.x
symantec / altiris_notification_server	6.0	6.0.x
symantec / altiris_notification_server	6.0-sp1	6.0-sp1.x
symantec / altiris_deployment_solution	6.9.355	6.9.355.x

Vulnerability Database

300,991

CVE-2009-3033

Deep Security Visibility Without the Complexity