Vulnerabilities > Symantec > Altiris Deployment Solution

DATE CVE VULNERABILITY TITLE RISK
2018-02-19 CVE-2010-0109 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Symantec Altiris Deployment Solution
DBManager in Symantec Altiris Deployment Solution 6.9.x before DS 6.9 SP4 allows remote attackers to cause a denial of service via a crafted request.
low complexity
symantec CWE-119
6.5
2009-06-08 CVE-2008-6828 Cleartext Storage of Sensitive Information vulnerability in Symantec Altiris Deployment Solution
Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 stores the Application Identity Account password in memory in cleartext, which allows local users to gain privileges and modify clients of the Deployment Solution Server.
local
low complexity
symantec CWE-312
7.8
2009-06-08 CVE-2008-6827 Missing Authentication for Critical Function vulnerability in Symantec Altiris Deployment Solution
The ListView control in the Client GUI (AClient.exe) in Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 allows local users to gain SYSTEM privileges and execute arbitrary commands via a "Shatter" style attack on the "command prompt" hidden GUI button to (1) overwrite the CommandLine parameter to cmd.exe to use SYSTEM privileges and (2) modify the DLL that is loaded using the LoadLibrary API function.
local
low complexity
symantec CWE-306
7.8