In association with heise online

26 November 2009, 11:17

Symantec patches Altiris solutions - again

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Symantec has released yet another security update for several of its Altiris resource management products to patch a critical vulnerability. Once again, the problem relates to the web-based management servers which install a vulnerable ActiveX control, affecting the ConsoleUtilities (AeXNSConsoleUtilities.dll). At the beginning of the month, the manufacturer had already released an update to close a critical gap in the control.

According to the advisory, the RunCmd vulnerability "could potentially allow unauthorised execution of arbitrary code". For an attack to be successful, a victim must first be tricked into downloading malicious content by visiting a specially crafted web page. Symantec Altiris Deployment Solution 6.9.x, Symantec Altiris Notification Server 6.0.x and Symantec Management Platform 7.0.x are affected.

See also:

(crve)

Print Version | Send by email | Permalink: http://h-online.com/-869575
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit