CVE-2009-3028

The Altiris eXpress NS SC Download ActiveX control in AeXNSPkgDLLib.dll, as used in Symantec Altiris Deployment Solution 6.9.x, Notification Server 6.0.x, and Symantec Management Platform 7.0.x, exposes an unsafe method, which allows remote attackers to force the download of arbitrary files and possibly execute arbitrary code via the DownloadAndInstall method.

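| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 6.8 UNKNOWN | NETWORK | MEDIUM | | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| mitre | CNA | --- | | | | --- |
| CVE | ADP | --- | | | | --- |
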
EPSS Score Percentile: 98%

| Vendor | Product | Version |
|---|---|---|
| symantec | altiris_deployment_solution | 6.9 |
| symantec | altiris_deployment_solution | 6.9:sp1 |
| symantec | altiris_deployment_solution | 6.9:sp2 |
| symantec | altiris_deployment_solution | 6.9:sp3 |
| symantec | altiris_deployment_solution | 6.9:sp4 |
| symantec | altiris_notification_server | 6.0 |
| symantec | altiris_notification_server | 6.0:sp1 |
| symantec | altiris_notification_server | 6.0:sp1_hf12 |
| symantec | altiris_notification_server | 6.0:sp2 |
| symantec | altiris_notification_server | 6.0:sp3 |
| symantec | altiris_notification_server | 6.0:sp3_r1 |
| symantec | altiris_notification_server | 6.0:sp3_r10 |
| symantec | altiris_notification_server | 6.0:sp3_r11 |
| symantec | altiris_notification_server | 6.0:sp3_r12 |
| symantec | altiris_notification_server | 6.0:sp3_r13 |
| symantec | altiris_notification_server | 6.0:sp3_r2 |
| symantec | altiris_notification_server | 6.0:sp3_r3 |
| symantec | altiris_notification_server | 6.0:sp3_r4 |
| symantec | altiris_notification_server | 6.0:sp3_r5 |
| symantec | altiris_notification_server | 6.0:sp3_r6 |
| symantec | altiris_notification_server | 6.0:sp3_r7 |
| symantec | altiris_notification_server | 6.0:sp3_r8 |
| symantec | altiris_notification_server | 6.0:sp3_r9 |
| symantec | management_platform | 7.0 |
| symantec | management_platform | 7.0:rc5 |
| symantec | management_platform | 7.0:sp1 |
| symantec | management_platform | 7.0:sp2 |
| symantec | management_platform | 7.0:sp3 |
| symantec | management_platform | 7.0:sp4 |
| symantec | management_platform | 7.0:sp5 |

𝑥 = Vulnerable software versions