Published: 08/06/2009 Updated: 14/02/2024

CVSS v2 Base Score: 6.8 | Impact Score: 10 | Exploitability Score: 3.1

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 605

Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C

Subscribe to Altiris Deployment Solution

The ListView control in the Client GUI (AClient.exe) in Symantec Altiris Deployment Solution 6.x prior to 6.9.355 SP1 allows local users to gain SYSTEM privileges and execute arbitrary commands via a "Shatter" style attack on the "command prompt" hidden GUI button to (1) overwrite the CommandLine parameter to cmd.exe to use SYSTEM privileges and (2) modify the DLL that is loaded using the LoadLibrary API function.

Vulnerable Product	Search on Vulmon	Subscribe to Product
symantec altiris deployment solution 6.9.355
symantec altiris deployment solution

Symantec Altiris Client Service 6.8.378 - Local Privilege Escalation

CVE-2008-6827 Symantec Altiris Client Service 68378 - Local Privilege Escalation Exploit-DB publication at wwwexploit-dbcom/exploits/5625/ Author Alex Hernandez aka (@_alt3kx_)

CWE-306 http://www.securitytracker.com/id?1021071 http://osvdb.org/49426 http://www.securityfocus.com/bid/31766 http://marc.info/?l=bugtraq&m=122460544316205&w=2 http://www.insomniasec.com/advisories/ISVA-081020.1.htm http://www.vupen.com/english/advisories/2008/2876 http://www.symantec.com/avcenter/security/Content/2008.10.20a.html http://secunia.com/advisories/31773 https://exchange.xforce.ibmcloud.com/vulnerabilities/46006 https://nvd.nist.gov https://github.com/alt3kx/CVE-2008-6827

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2008-6827

Vulnerability Summary

Github Repositories

References

Vulmon Search

About

Products

Connect