Vulnerabilities > Symantec > Altiris Deployment Solution > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-09-11 | CVE-2009-3178 | Remote vulnerability in Symantec Altiris Deployment Solution 6.9 Unspecified vulnerability in mm.exe in Symantec Altiris Deployment Solution 6.9 allows remote attackers to cause a denial of service via unknown attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 7.18, "Symantec Altiris Deployment Solution 6.9 DoS." NOTE: as of 20090909, this disclosure has no actionable information. | 7.8 |
| 2009-09-08 | CVE-2009-3108 | Permissions, Privileges, and Access Controls vulnerability in Symantec Altiris Deployment Solution The Aclient GUI in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 installs a client executable with insecure permissions (Everyone:Full Control), which allows local users to gain privileges by replacing the executable with a Trojan horse program. | 7.2 |
| 2009-06-08 | CVE-2008-6828 | Cleartext Storage of Sensitive Information vulnerability in Symantec Altiris Deployment Solution Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 stores the Application Identity Account password in memory in cleartext, which allows local users to gain privileges and modify clients of the Deployment Solution Server. | 7.8 |
| 2009-06-08 | CVE-2008-6827 | Missing Authentication for Critical Function vulnerability in Symantec Altiris Deployment Solution The ListView control in the Client GUI (AClient.exe) in Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 allows local users to gain SYSTEM privileges and execute arbitrary commands via a "Shatter" style attack on the "command prompt" hidden GUI button to (1) overwrite the CommandLine parameter to cmd.exe to use SYSTEM privileges and (2) modify the DLL that is loaded using the LoadLibrary API function. | 7.8 |
| 2008-05-18 | CVE-2008-2291 | Credentials Management vulnerability in Symantec Altiris Deployment Solution 6.8 axengine.exe in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 generates credentials with a fixed salt or without any salt, which makes it easier for remote attackers to guess encrypted domain credentials. | 7.5 |
| 2008-05-18 | CVE-2008-2290 | Permissions, Privileges, and Access Controls vulnerability in Symantec Altiris Deployment Solution 6.8/6.9 Unspecified vulnerability in the Agent user interface in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows local users to gain privileges via unknown attack vectors. | 7.2 |
| 2008-05-18 | CVE-2008-2289 | Permissions, Privileges, and Access Controls vulnerability in Symantec Altiris Deployment Solution Unspecified vulnerability in a tooltip element in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows local users to gain privileges via unknown attack vectors. | 7.2 |
| 2008-05-18 | CVE-2008-2287 | Permissions, Privileges, and Access Controls vulnerability in Symantec Altiris Deployment Solution 6.8/6.9 Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 does not properly protect the install directory, which might allow local users to gain privileges by replacing an application component with a Trojan horse. | 7.2 |
| 2008-05-18 | CVE-2008-2286 | SQL Injection vulnerability in Symantec Altiris Deployment Solution 6.8/6.9 SQL injection vulnerability in axengine.exe in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows remote attackers to execute arbitrary SQL commands via unspecified string fields in a notification packet. | 7.5 |
| 2008-03-24 | CVE-2008-1473 | Permissions, Privileges, and Access Controls vulnerability in Symantec Altiris Deployment Solution The Altiris Client Service (AClient.exe) in Symantec Altiris Deployment Solution 6.8.x before 6.9.164 allows local users to gain privileges via a "Shatter" style attack. | 7.2 |