Bugraq ID: 36698 CVE ID:CVE-2009-3031 Symantec Altiris Deployment Solution是自动化的操作系统部署解决方案,用于从统一的位置部署和管理服务器、桌面和笔记本等。 在初次访问Altiris Deployment Solution等产品管理服务器的管理WEB站点时会安装一个ActiveX控件(AeXNSConsoleUtilities.dll),此函数"BrowseAndSaveFile"存在一个基于栈的缓冲区溢出: Name: ConsoleUtilities Class Vendor: Altiris, Inc. Type: ActiveX-Steuerelement Version: 6.0.0.1846 GUID: {B44D252D-98FC-4D5C-948C-BE868392A004} File: AeXNSConsoleUtilities.dll Folder: C:\WINDOWS\system32 提交超长的字符串作为"BrowseAndSaveFile"函数的参数,可触发基于栈的缓冲区溢出,攻击者构建恶意WEB页,诱使用户解析可以应用程序权限执行任意指令。 Altiris Deployment Solution 6.x Altiris Notification Server 6.x Symantec Altiris ConsoleUtilities ActiveX Control 6.x Symantec Management Platform 7.x 用户可参考如下供应商提供的升级程序: 、Symantec Altiris Deployment Solution 6.9 SP1 Symantec AltirisNSConsole.zip https://kb.altiris.com/utility/getfile.asp?rid=6364&aid=49568 Symantec Altiris Deployment Solution 6.9 Symantec AltirisNSConsole.zip https://kb.altiris.com/utility/getfile.asp?rid=6364&aid=49568...
Bugraq ID: 36698 CVE ID:CVE-2009-3031 Symantec Altiris Deployment Solution是自动化的操作系统部署解决方案,用于从统一的位置部署和管理服务器、桌面和笔记本等。 在初次访问Altiris Deployment Solution等产品管理服务器的管理WEB站点时会安装一个ActiveX控件(AeXNSConsoleUtilities.dll),此函数"BrowseAndSaveFile"存在一个基于栈的缓冲区溢出: Name: ConsoleUtilities Class Vendor: Altiris, Inc. Type: ActiveX-Steuerelement Version: 6.0.0.1846 GUID: {B44D252D-98FC-4D5C-948C-BE868392A004} File: AeXNSConsoleUtilities.dll Folder: C:\WINDOWS\system32 提交超长的字符串作为"BrowseAndSaveFile"函数的参数,可触发基于栈的缓冲区溢出,攻击者构建恶意WEB页,诱使用户解析可以应用程序权限执行任意指令。 Altiris Deployment Solution 6.x Altiris Notification Server 6.x Symantec Altiris ConsoleUtilities ActiveX Control 6.x Symantec Management Platform 7.x 用户可参考如下供应商提供的升级程序: 、Symantec Altiris Deployment Solution 6.9 SP1 Symantec AltirisNSConsole.zip https://kb.altiris.com/utility/getfile.asp?rid=6364&aid=49568 Symantec Altiris Deployment Solution 6.9 Symantec AltirisNSConsole.zip https://kb.altiris.com/utility/getfile.asp?rid=6364&aid=49568 Symantec Altiris Deployment Solution 6.9 SP3 Build 430 Symantec AltirisNSConsole.zip https://kb.altiris.com/utility/getfile.asp?rid=6364&aid=49568 Symantec Altiris Deployment Solution 6.9.164 Symantec AltirisNSConsole.zip https://kb.altiris.com/utility/getfile.asp?rid=6364&aid=49568 Symantec Altiris Deployment Solution 6.9.176 Symantec AltirisNSConsole.zip https://kb.altiris.com/utility/getfile.asp?rid=6364&aid=49568 Symantec Altiris Deployment Solution 6.9.355 Symantec AltirisNSConsole.zip https://kb.altiris.com/utility/getfile.asp?rid=6364&aid=49568 Symantec Altiris Deployment Solution 6.9.355 SP1 Symantec AltirisNSConsole.zip https://kb.altiris.com/utility/getfile.asp?rid=6364&aid=49568
