Symantec Altiris eXpress NS SC Download ActiveX Control Arbitrary File Download Vulnerability

Altiris eXpress NS SC Download ActiveX control is prone to a vulnerability that can allow malicious files to be downloaded and saved to arbitrary locations on an affected computer.

Attackers may exploit this issue to put malicious files in arbitrary locations and execute them within the context of the affected application that uses the affected control (typically Internet Explorer). Other attacks are also possible.

Altiris eXpress NS SC Download ActiveX control 6.0.0.1418 is vulnerable; other versions may also be affected. This control is installed with the following applications:

Altiris Deployment Solution
Altiris Notification Server
Symantec Management Platform

This vulnerability may be related to one of the issues described in BID 36247 (Symantec Altiris Deployment Solution Multiple Remote Vulnerabilities).


 

Privacy Statement
Copyright 2010, SecurityFocus