Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2009-3028 | First vendor Publication | 2011-03-07 |
Vendor | Cve | Last vendor Modification | 2013-02-07 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 6.8 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
The Altiris eXpress NS SC Download ActiveX control in AeXNSPkgDLLib.dll, as used in Symantec Altiris Deployment Solution 6.9.x, Notification Server 6.0.x, and Symantec Management Platform 7.0.x exposes an unsafe method, which allows remote attackers to force the download of arbitrary files and possibly execute arbitrary code via the DownloadAndInstall method. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3028 |
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
57893 | Symantec Altiris eXpress NS SC Download Altiris.AeXNSPkgDL.1 ActiveX (AeXNSPk... A code execution flaw exists in Altiris. The AeXNSPkgDLLib.dll ActiveX fails to validate input to the DownloadAndInstall() method resulting in code execution. With a specially crafted website, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity. |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Symantec Altirix Deployment Solution AeXNSPkgDLLib.dll ActiveX function call ... RuleID : 17095 - Revision : 3 - Type : WEB-ACTIVEX |
2014-01-10 | Symantec Altirix Deployment Solution AeXNSPkgDLLib.dll ActiveX function call ... RuleID : 17094 - Revision : 9 - Type : BROWSER-PLUGINS |
2014-01-10 | Symantec Altirix Deployment Solution AeXNSPkgDLLib.dll ActiveX clsid unicode ... RuleID : 17093 - Revision : 3 - Type : WEB-ACTIVEX |
2014-01-10 | Symantec Altirix Deployment Solution AeXNSPkgDLLib.dll ActiveX clsid access RuleID : 17092 - Revision : 9 - Type : BROWSER-PLUGINS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2009-09-23 | Name : The remote Windows host has an ActiveX control that allows execution of arbit... File : altiris_aexnspkgdllib_activex_download.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2021-05-04 12:10:03 |
|
2021-04-22 01:10:26 |
|
2020-05-23 13:16:53 |
|
2020-05-23 00:24:16 |
|
2016-06-28 17:48:52 |
|
2016-04-26 19:04:43 |
|
2014-02-17 10:51:27 |
|
2014-01-19 21:26:09 |
|
2013-05-10 23:56:20 |
|
2013-02-07 13:19:36 |
|