In association with heise online

03 November 2009, 17:22

Symantec patches Altiris solutions

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Symantec has released a security update for several of its Altiris resource management products. The web-based management servers in question install a vulnerable ActiveX control in Internet Explorer (IE) that allows attackers to inject and execute arbitrary code in a client. A simple visit to a specially crafted web page is all that is required for an attack to be successful.

Affected are Symantec Altiris Deployment Solution 6.9.x, Symantec Altiris Notification Server 6.0.x and Symantec Management Platform 7.0.x. Nikolas Sotiriu, who discovered the control's susceptibility to the relevant buffer overflow, has already published an exploit which demonstrates the vulnerability by starting the calculator under Windows.

See also:

(crve)

Print Version | Send by email | Permalink: http://h-online.com/-849218
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit