141062 : Altiris Altiris.AeXNSPkgDL.1 ActiveX Control DownloadAndInstall() Method Arbitrary Code Execution

Risk 5 : Windows

The Altiris.AeXNSPkgDL.1 ActiveX control, a component of Altiris Deployment Solution, Altiris Notification Server, and Symantec Management Platform, is installed on the remote Windows host.

The installed version of this control provides an unsafe method, named 'DownloadAndInstall'.

If an attacker can trick a user on the affected host into viewing a specially crafted HTML document, he may be able to leverage this issue to download and execute arbitrary code on the affected system subject to the user's privileges.

Solution:
Apply the appropriate fix according to Symantec's advisory.
References:
CVSS Information:
Complete Confidentiality Impact, Complete Integrity Impact, Complete Availability Impact
Credit:
Tenable : 2009-12-04
New Search
Keywords
Risk Factor
Start Date
End Date
Browse