Vulnerabilities > Symantec > Altiris Deployment Solution > Critical

DATE CVE VULNERABILITY TITLE RISK
2009-11-25 CVE-2009-3033 Buffer Errors vulnerability in Symantec products
Buffer overflow in the RunCmd method in the Altiris eXpress NS Console Utilities ActiveX control in AeXNSConsoleUtilities.dll in the web console in Symantec Altiris Deployment Solution 6.9.x, Altiris Notification Server 6.0.x, and Management Platform 7.0.x allows remote attackers to execute arbitrary code via a long string in the second argument.
network
symantec CWE-119
critical
9.3
2009-11-03 CVE-2009-3031 Buffer Errors vulnerability in Symantec products
Stack-based buffer overflow in the BrowseAndSaveFile method in the Altiris eXpress NS ConsoleUtilities ActiveX control 6.0.0.1846 in AeXNSConsoleUtilities.dll in Symantec Altiris Notification Server (NS) 6.0 before R12, Deployment Server 6.8 and 6.9 in Symantec Altiris Deployment Solution 6.9 SP3, and Symantec Management Platform (SMP) 7.0 before SP3 allows remote attackers to execute arbitrary code via a long string in the second argument.
network
symantec CWE-119
critical
9.3
2009-09-11 CVE-2009-3179 Remote Security vulnerability in Symantec Altiris Deployment Solution 6.9
Multiple unspecified vulnerabilities in Symantec Altiris Deployment Solution 6.9 might allow remote attackers to execute arbitrary code via unknown client-side attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 7.17, as identified by (1) "Symantec Altiris Deployment Solution 6.9 exploit, (2) "Symantec Altiris Deployment Solution 6.9 exploit (II)," and (3) "Symantec Altiris Deployment Solution 6.9 exploit (III)." NOTE: as of 20090909, this disclosure has no actionable information.
network
low complexity
symantec
critical
10.0
2009-09-08 CVE-2009-3109 Authentication Handshake Race Condition Security vulnerability in Symantec Altiris Deployment Solution 6.9
Unspecified vulnerability in the AClient agent in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430, when key-based authentication is being used between a deployment server and a client, allows remote attackers to bypass authentication and execute arbitrary commands as SYSTEM by spoofing the deployment server and sending "alternate commands" before the handshake is completed.
network
symantec
critical
9.3
2009-03-18 CVE-2008-4564 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
Stack-based buffer overflow in wp6sr.dll in the Autonomy KeyView SDK 10.4 and earlier, as used in IBM Lotus Notes, Symantec Mail Security (SMS) products, Symantec BrightMail Appliance products, and Symantec Data Loss Prevention (DLP) products, allows remote attackers to execute arbitrary code via a crafted Word Perfect Document (WPD) file.
network
autonomy ibm symantec CWE-119
critical
9.3