Vulnerabilities > Symantec > Altiris Deployment Solution
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-02-19 | CVE-2010-0109 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Symantec Altiris Deployment Solution DBManager in Symantec Altiris Deployment Solution 6.9.x before DS 6.9 SP4 allows remote attackers to cause a denial of service via a crafted request. | 3.3 |
2011-03-07 | CVE-2009-3028 | Unspecified vulnerability in Symantec products The Altiris eXpress NS SC Download ActiveX control in AeXNSPkgDLLib.dll, as used in Symantec Altiris Deployment Solution 6.9.x, Notification Server 6.0.x, and Symantec Management Platform 7.0.x exposes an unsafe method, which allows remote attackers to force the download of arbitrary files and possibly execute arbitrary code via the DownloadAndInstall method. network symantec | 6.8 |
2009-11-25 | CVE-2009-3033 | Buffer Errors vulnerability in Symantec products Buffer overflow in the RunCmd method in the Altiris eXpress NS Console Utilities ActiveX control in AeXNSConsoleUtilities.dll in the web console in Symantec Altiris Deployment Solution 6.9.x, Altiris Notification Server 6.0.x, and Management Platform 7.0.x allows remote attackers to execute arbitrary code via a long string in the second argument. | 9.3 |
2009-11-03 | CVE-2009-3031 | Buffer Errors vulnerability in Symantec products Stack-based buffer overflow in the BrowseAndSaveFile method in the Altiris eXpress NS ConsoleUtilities ActiveX control 6.0.0.1846 in AeXNSConsoleUtilities.dll in Symantec Altiris Notification Server (NS) 6.0 before R12, Deployment Server 6.8 and 6.9 in Symantec Altiris Deployment Solution 6.9 SP3, and Symantec Management Platform (SMP) 7.0 before SP3 allows remote attackers to execute arbitrary code via a long string in the second argument. | 9.3 |
2009-09-11 | CVE-2009-3179 | Remote Security vulnerability in Symantec Altiris Deployment Solution 6.9 Multiple unspecified vulnerabilities in Symantec Altiris Deployment Solution 6.9 might allow remote attackers to execute arbitrary code via unknown client-side attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 7.17, as identified by (1) "Symantec Altiris Deployment Solution 6.9 exploit, (2) "Symantec Altiris Deployment Solution 6.9 exploit (II)," and (3) "Symantec Altiris Deployment Solution 6.9 exploit (III)." NOTE: as of 20090909, this disclosure has no actionable information. | 10.0 |
2009-09-11 | CVE-2009-3178 | Remote vulnerability in Symantec Altiris Deployment Solution 6.9 Unspecified vulnerability in mm.exe in Symantec Altiris Deployment Solution 6.9 allows remote attackers to cause a denial of service via unknown attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 7.18, "Symantec Altiris Deployment Solution 6.9 DoS." NOTE: as of 20090909, this disclosure has no actionable information. | 7.8 |
2009-09-08 | CVE-2009-3110 | Race Condition vulnerability in Symantec Altiris Deployment Solution Race condition in the file transfer functionality in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 allows remote attackers to read sensitive files and prevent client updates by connecting to the file transfer port before the expected client does. | 5.8 |
2009-09-08 | CVE-2009-3109 | Authentication Handshake Race Condition Security vulnerability in Symantec Altiris Deployment Solution 6.9 Unspecified vulnerability in the AClient agent in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430, when key-based authentication is being used between a deployment server and a client, allows remote attackers to bypass authentication and execute arbitrary commands as SYSTEM by spoofing the deployment server and sending "alternate commands" before the handshake is completed. | 9.3 |
2009-09-08 | CVE-2009-3108 | Permissions, Privileges, and Access Controls vulnerability in Symantec Altiris Deployment Solution The Aclient GUI in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 installs a client executable with insecure permissions (Everyone:Full Control), which allows local users to gain privileges by replacing the executable with a Trojan horse program. | 7.2 |
2009-06-08 | CVE-2008-6828 | Cleartext Storage of Sensitive Information vulnerability in Symantec Altiris Deployment Solution Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 stores the Application Identity Account password in memory in cleartext, which allows local users to gain privileges and modify clients of the Deployment Solution Server. | 7.8 |