Vulnerabilities > Symantec

DATE CVE VULNERABILITY TITLE RISK
2009-09-11 CVE-2009-3179 Remote Security vulnerability in Symantec Altiris Deployment Solution 6.9
Multiple unspecified vulnerabilities in Symantec Altiris Deployment Solution 6.9 might allow remote attackers to execute arbitrary code via unknown client-side attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 7.17, as identified by (1) "Symantec Altiris Deployment Solution 6.9 exploit, (2) "Symantec Altiris Deployment Solution 6.9 exploit (II)," and (3) "Symantec Altiris Deployment Solution 6.9 exploit (III)." NOTE: as of 20090909, this disclosure has no actionable information.
network
low complexity
symantec
critical
10.0
2009-09-11 CVE-2009-3178 Remote vulnerability in Symantec Altiris Deployment Solution 6.9
Unspecified vulnerability in mm.exe in Symantec Altiris Deployment Solution 6.9 allows remote attackers to cause a denial of service via unknown attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 7.18, "Symantec Altiris Deployment Solution 6.9 DoS." NOTE: as of 20090909, this disclosure has no actionable information.
network
low complexity
symantec
7.8
2009-09-08 CVE-2009-3110 Race Condition vulnerability in Symantec Altiris Deployment Solution
Race condition in the file transfer functionality in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 allows remote attackers to read sensitive files and prevent client updates by connecting to the file transfer port before the expected client does.
network
symantec CWE-362
5.8
2009-09-08 CVE-2009-3109 Authentication Handshake Race Condition Security vulnerability in Symantec Altiris Deployment Solution 6.9
Unspecified vulnerability in the AClient agent in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430, when key-based authentication is being used between a deployment server and a client, allows remote attackers to bypass authentication and execute arbitrary commands as SYSTEM by spoofing the deployment server and sending "alternate commands" before the handshake is completed.
network
symantec
critical
9.3
2009-09-08 CVE-2009-3108 Permissions, Privileges, and Access Controls vulnerability in Symantec Altiris Deployment Solution
The Aclient GUI in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 installs a client executable with insecure permissions (Everyone:Full Control), which allows local users to gain privileges by replacing the executable with a Trojan horse program.
local
low complexity
symantec CWE-264
7.2
2009-09-08 CVE-2009-3104 Resource Management Errors vulnerability in Symantec products
Unspecified vulnerability in Symantec Norton AntiVirus 2005 through 2008; Norton Internet Security 2005 through 2008; AntiVirus Corporate Edition 9.0 before MR7, 10.0, 10.1 before MR8, and 10.2 before MR3; and Client Security 2.0 before MR7, 3.0, and 3.1 before MR8; when Internet Email Scanning is installed and enabled, allows remote attackers to cause a denial of service (CPU consumption and persistent connection loss) via unknown attack vectors.
network
symantec CWE-399
4.3
2009-09-01 CVE-2009-3037 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
Buffer overflow in xlssr.dll in the Autonomy KeyView XLS viewer (aka File Viewer for Excel), as used in IBM Lotus Notes 5.x through 8.5.x, Symantec Mail Security, Symantec BrightMail Appliance, Symantec Data Loss Prevention (DLP), and other products, allows remote attackers to execute arbitrary code via a crafted .xls spreadsheet attachment.
network
ibm symantec autonomy CWE-119
critical
9.3
2009-07-22 CVE-2009-2570 Buffer Errors vulnerability in Symantec Winfax PRO 10.03
Stack-based buffer overflow in the Symantec.FaxViewerControl.1 ActiveX control in WinFax\DCCFAXVW.DLL in Symantec WinFax Pro 10.03 allows remote attackers to execute arbitrary code via a long argument to the AppendFax method.
network
symantec CWE-119
critical
9.3
2009-06-08 CVE-2008-6828 Cleartext Storage of Sensitive Information vulnerability in Symantec Altiris Deployment Solution
Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 stores the Application Identity Account password in memory in cleartext, which allows local users to gain privileges and modify clients of the Deployment Solution Server.
local
low complexity
symantec CWE-312
7.8
2009-06-08 CVE-2008-6827 Missing Authentication for Critical Function vulnerability in Symantec Altiris Deployment Solution
The ListView control in the Client GUI (AClient.exe) in Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 allows local users to gain SYSTEM privileges and execute arbitrary commands via a "Shatter" style attack on the "command prompt" hidden GUI button to (1) overwrite the CommandLine parameter to cmd.exe to use SYSTEM privileges and (2) modify the DLL that is loaded using the LoadLibrary API function.
local
low complexity
symantec CWE-306
7.8