Stack-based buffer overflow in the BrowseAndSaveFile method in the Altiris eXpress NS ConsoleUtilities ActiveX control 6.0.0.1846 in AeXNSConsoleUtilities.dll in Symantec Altiris Notification Server (NS) 6.0 before R12, Deployment Server 6.8 and 6.9 in Symantec Altiris Deployment Solution 6.9 SP3, and Symantec Management Platform (SMP) 7.0 before SP3 allows remote attackers to execute arbitrary code via a long string in the second argument.
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
| Link | Tags |
|---|---|
| http://sotiriu.de/adv/NSOADV-2009-001.txt | exploit |
| http://www.securityfocus.com/bid/36698 | patch vdb entry exploit |
| http://www.vupen.com/english/advisories/2009/3117 | patch vendor advisory vdb entry |
| http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20091102_00 | |
| http://www.securityfocus.com/archive/1/507625/100/0/threaded | mailing list |
| https://kb.altiris.com/article.asp?article=49568&p=1 | vendor advisory |
| https://kb.altiris.com/article.asp?article=49389&p=1 | vendor advisory |