Symantec Altiris eXpress NS SC Download ActiveX control vulnerability

Added: 09/22/2009
BID: 36346
OSVDB: 57893

Background

The Altiris eXpress NS SC Download ActiveX control is installed with several products, including Altiris Deployment Solution.

Problem

The Altiris eXpress NS SC Download ActiveX control allows remote files to be downloaded, saved to arbitrary locations, and executed when a user loads a specially crafted web page.

Resolution

Apply the hotfix referenced in Altiris knowledge base article 49069.

References

http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090922_00

Limitations

Exploit works on Altiris Deployment Solution 6.9 and requires a user to open the exploit page in Internet Explorer 6 or 7.

Platforms

Windows XP

Back to exploit index