Symantec Multiple Products AeXNSConsoleUtilities Buffer Overflow

Added: 11/06/2009
CVE: CVE-2009-3031
BID: 36698
OSVDB: 59597

Background

Symantec Altiris Deployment Solution provides tools to deploy software on desktops and servers.

Problem

A stack buffer overflow vulnerability in the AeXNSConsoleUtilities.dll ActiveX control allows remote attackers to execute arbitrary commands when processing overly long arguments passed to the BrowseAndSaveFile() method.

Resolution

Apply one of the solutions shown in SYM09-015.

References

http://www.securityfocus.com/bid/36698

Limitations

Exploit works on Symantec Altiris Deployment Solution 6.9 and requires the user to open the exploit page in Internet Explorer 6 or 7.

Platforms

Windows

Back to exploit index