CVE-2009-3028 Information

Description

The Altiris eXpress NS SC Download ActiveX control in AeXNSPkgDLLib.dll as used in Symantec Altiris Deployment Solution 6.9.x Notification Server 6.0.x and Symantec Management Platform 7.0.x exposes an unsafe method which allows remote attackers to force the download of arbitrary files and possibly execute arbitrary code via the DownloadAndInstall method.

Reference

http://secunia.com/advisories/36679 http://www.osvdb.org/57893 http://www.securityfocus.com/bid/36346 http://www.symantec.com/business/support/index?page=content&id=TECH44885 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090922_00