High severity7.8NVD Advisory· Published Jun 8, 2009· Updated Apr 23, 2026

CVE-2008-6827

Description

The ListView control in the Client GUI (AClient.exe) in Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 allows local users to gain SYSTEM privileges and execute arbitrary commands via a "Shatter" style attack on the "command prompt" hidden GUI button to (1) overwrite the CommandLine parameter to cmd.exe to use SYSTEM privileges and (2) modify the DLL that is loaded using the LoadLibrary API function.

Affected products

Symantec/Altiris Deployment Solution2 versions
cpe:2.3:a:symantec:altiris_deployment_solution:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:symantec:altiris_deployment_solution:*:*:*:*:*:*:*:*range: >=6.0,<6.9.355
- cpe:2.3:a:symantec:altiris_deployment_solution:6.9.355:-:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.insomniasec.com/advisories/ISVA-081020.1.htmnvdBroken LinkPatch
www.symantec.com/avcenter/security/Content/2008.10.20a.htmlnvdBroken LinkPatchVendor Advisory
www.vupen.com/english/advisories/2008/2876nvdBroken LinkPatchVendor Advisory
secunia.com/advisories/31773nvdBroken LinkVendor Advisory
www.securityfocus.com/bid/31766nvdBroken LinkThird Party AdvisoryVDB Entry
www.securitytracker.com/idnvdBroken LinkThird Party AdvisoryVDB Entry
exchange.xforce.ibmcloud.com/vulnerabilities/46006nvdThird Party AdvisoryVDB Entry
marc.infonvdMailing List
osvdb.org/49426nvdBroken Link

News mentions

No linked articles in our index yet.

cvss	0.507
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000