Vulnerabilities > Symantec > Altiris Deployment Solution
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-06-08 | CVE-2008-6827 | Missing Authentication for Critical Function vulnerability in Symantec Altiris Deployment Solution The ListView control in the Client GUI (AClient.exe) in Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 allows local users to gain SYSTEM privileges and execute arbitrary commands via a "Shatter" style attack on the "command prompt" hidden GUI button to (1) overwrite the CommandLine parameter to cmd.exe to use SYSTEM privileges and (2) modify the DLL that is loaded using the LoadLibrary API function. | 7.8 |
| 2009-03-18 | CVE-2008-4564 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Stack-based buffer overflow in wp6sr.dll in the Autonomy KeyView SDK 10.4 and earlier, as used in IBM Lotus Notes, Symantec Mail Security (SMS) products, Symantec BrightMail Appliance products, and Symantec Data Loss Prevention (DLP) products, allows remote attackers to execute arbitrary code via a crafted Word Perfect Document (WPD) file. | 9.3 |
| 2008-05-18 | CVE-2008-2291 | Credentials Management vulnerability in Symantec Altiris Deployment Solution 6.8 axengine.exe in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 generates credentials with a fixed salt or without any salt, which makes it easier for remote attackers to guess encrypted domain credentials. | 7.5 |
| 2008-05-18 | CVE-2008-2290 | Permissions, Privileges, and Access Controls vulnerability in Symantec Altiris Deployment Solution 6.8/6.9 Unspecified vulnerability in the Agent user interface in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows local users to gain privileges via unknown attack vectors. | 7.2 |
| 2008-05-18 | CVE-2008-2289 | Permissions, Privileges, and Access Controls vulnerability in Symantec Altiris Deployment Solution Unspecified vulnerability in a tooltip element in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows local users to gain privileges via unknown attack vectors. | 7.2 |
| 2008-05-18 | CVE-2008-2288 | Permissions, Privileges, and Access Controls vulnerability in Symantec Altiris Deployment Solution 6.8/6.9 Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 has insufficient access control for deletion and modification of registry keys, which allows local users to cause a denial of service or obtain sensitive information. | 3.6 |
| 2008-05-18 | CVE-2008-2287 | Permissions, Privileges, and Access Controls vulnerability in Symantec Altiris Deployment Solution 6.8/6.9 Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 does not properly protect the install directory, which might allow local users to gain privileges by replacing an application component with a Trojan horse. | 7.2 |
| 2008-05-18 | CVE-2008-2286 | SQL Injection vulnerability in Symantec Altiris Deployment Solution 6.8/6.9 SQL injection vulnerability in axengine.exe in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows remote attackers to execute arbitrary SQL commands via unspecified string fields in a notification packet. | 7.5 |
| 2008-04-11 | CVE-2008-1754 | Cryptographic Issues vulnerability in Symantec Altiris Deployment Solution 6.8/6.8.380 Symantec Altiris Deployment Solution before 6.9.164 stores the Deployment Solution Agent (aka AClient) password in cleartext in memory, which allows local users to obtain sensitive information by dumping the AClient.exe process memory. | 1.7 |
| 2008-03-24 | CVE-2008-1473 | Permissions, Privileges, and Access Controls vulnerability in Symantec Altiris Deployment Solution The Altiris Client Service (AClient.exe) in Symantec Altiris Deployment Solution 6.8.x before 6.9.164 allows local users to gain privileges via a "Shatter" style attack. | 7.2 |