The Aclient GUI in Symantec Altiris Deployment Solution 6.9.x prior to 6.9 SP3 Build 430 installs a client executable with insecure permissions (Everyone:Full Control), which allows local users to gain privileges by replacing the executable with a Trojan horse program.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
symantec altiris deployment solution 6.9 |
||
symantec altiris deployment solution 6.9.355 |
||
symantec altiris deployment solution 6.9.164 |
||
symantec altiris deployment solution 6.9.176 |