CVE-2009-3028

{"id": "CVE-2009-3028", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2011-03-07T21:00:01.110", "references": [{"url": "http://secunia.com/advisories/36679", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/57893", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/36346", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.symantec.com/business/support/index?page=content&id=TECH44885", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090922_00", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The Altiris eXpress NS SC Download ActiveX control in AeXNSPkgDLLib.dll, as used in Symantec Altiris Deployment Solution 6.9.x, Notification Server 6.0.x, and Symantec Management Platform 7.0.x exposes an unsafe method, which allows remote attackers to force the download of arbitrary files and possibly execute arbitrary code via the DownloadAndInstall method."}, {"lang": "es", "value": "En Altiris eXpress NS SC la descarga del control ActiveX en AeXNSPkgDLLib.dll, como en Symantec Altiris Deployment Solution v6.9.x, Notification Server v6.0.x, y Symantec Management Platform v7.0.x expone un m\u00e9todo inseguro, que permite a atacantes remotos forzar la descarga de archivos arbitrarios y, posiblemente, ejecutar c\u00f3digo arbitrario a trav\u00e9s del m\u00e9todo DownloadAndInstall."}], "lastModified": "2013-02-07T04:21:27.547", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F0002047-0965-4086-A5E6-AEC02200B6CF"}, {"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EBD29C7F-B147-4CDE-8AC3-FCA6CA15C464"}, {"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4DC0FB60-BF58-455B-B5D1-97EDF2D6D0E5"}, {"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3ACB4D1D-08D2-424B-B4F6-13FCDF034833"}, {"criteria": "cpe:2.3:a:symantec:altiris_deployment_solution:6.9:sp4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE56560F-6F51-479E-B69F-3F750C8A2F31"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "68AF67FB-5FC8-4EAA-AF09-35D4740B967F"}, {"criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0B096EB3-F1E7-4933-972A-0E142CA854A5"}, {"criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:sp1_hf12:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9FBCFF03-8C4F-4452-B841-36FEEB95E6F9"}, {"criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0C13D2DE-7EA0-4963-BA60-5D01E037D954"}, {"criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D085BB2-1012-4386-AEE9-31870673BF55"}, {"criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3_r1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ADDD1F0C-3B7B-4D32-933A-A7D3E65B6049"}, {"criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3_r10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "268EEE3E-B7D2-4739-80CB-64284A86CDA9"}, {"criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3_r11:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "00A3F84C-1C78-4AD9-9EFD-C3E8F0935224"}, {"criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3_r12:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "32BA7815-2572-496E-AC6E-4323813EEF96"}, {"criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3_r13:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7305D8F0-3928-434D-ADAE-788096731CDB"}, {"criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3_r2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4E4DF22A-2516-41F2-B89C-F2424A6C56A5"}, {"criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3_r3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "419553B5-49BC-4789-BD32-959CF479062E"}, {"criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3_r4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9CB72176-8471-443B-BF06-829A51CCF71E"}, {"criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3_r5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4217C68A-2B6A-4C62-88F1-3D22C1BAE7F5"}, {"criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3_r6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B1D0DA71-27E9-4AD8-8D73-2F311646E989"}, {"criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3_r7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5E187D85-9F75-4749-9682-29F66D919E12"}, {"criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3_r8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "548B4DF2-D7EC-4BE7-BA52-2BDEF5577F49"}, {"criteria": "cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3_r9:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EC6B03D5-0E10-43CE-9B9A-4E232FF4FAEF"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:symantec:management_platform:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B04B5F5-B488-4F85-9CEB-739E8B99FC54"}, {"criteria": "cpe:2.3:a:symantec:management_platform:7.0:rc5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F153884E-6C9B-4E33-9D01-804AD1FE99A3"}, {"criteria": "cpe:2.3:a:symantec:management_platform:7.0:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "03C0AEC5-CB51-455B-A76B-F3F7D60F884A"}, {"criteria": "cpe:2.3:a:symantec:management_platform:7.0:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D740F499-2924-4807-AACE-A60391F9EF52"}, {"criteria": "cpe:2.3:a:symantec:management_platform:7.0:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9A6EB8C4-3D2B-4A78-A670-418B36F0F0EE"}, {"criteria": "cpe:2.3:a:symantec:management_platform:7.0:sp4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "25FDAAB9-F0E2-448A-B5E8-2E12EE3E2BBC"}, {"criteria": "cpe:2.3:a:symantec:management_platform:7.0:sp5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F26C12D4-2DC0-4BE2-A4ED-B58EE433352A"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}