Unrated severityNVD Advisory· Published Nov 25, 2009· Updated Apr 23, 2026

CVE-2009-3033

Description

Buffer overflow in the RunCmd method in the Altiris eXpress NS Console Utilities ActiveX control in AeXNSConsoleUtilities.dll in the web console in Symantec Altiris Deployment Solution 6.9.x, Altiris Notification Server 6.0.x, and Management Platform 7.0.x allows remote attackers to execute arbitrary code via a long string in the second argument.

Affected products

Symantec/Altiris Deployment Solution8 versions
cpe:2.3:a:symantec:altiris_deployment_solution:6.9:*:*:*:*:*:*:*+ 7 more
- cpe:2.3:a:symantec:altiris_deployment_solution:6.9:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:altiris_deployment_solution:6.9.164:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:altiris_deployment_solution:6.9.176:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:altiris_deployment_solution:6.9.355:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:altiris_deployment_solution:6.9.355:sp1:*:*:*:*:*:*
- cpe:2.3:a:symantec:altiris_deployment_solution:6.9:sp1:*:*:*:*:*:*
- cpe:2.3:a:symantec:altiris_deployment_solution:6.9:sp2:*:*:*:*:*:*
- cpe:2.3:a:symantec:altiris_deployment_solution:6.9:sp3:*:*:*:*:*:*
Symantec/Altiris Management Platform2 versions
cpe:2.3:a:symantec:altiris_management_platform:7.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:symantec:altiris_management_platform:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:altiris_management_platform:7.0:sp1:*:*:*:*:*:*
Symantec/Altiris Notification Server6 versions
cpe:2.3:a:symantec:altiris_notification_server:6.0:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:symantec:altiris_notification_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:altiris_notification_server:6.0:sp1:*:*:*:*:*:*
- cpe:2.3:a:symantec:altiris_notification_server:6.0:sp2:*:*:*:*:*:*
- cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3:*:*:*:*:*:*
- cpe:2.3:a:symantec:altiris_notification_server:6.0_sp3:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:altiris_notification_server:6.0:sp3_r7:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

kb.altiris.com/article.aspnvdPatchVendor Advisory
www.securityfocus.com/bid/37092nvdExploitPatch
www.vupen.com/english/advisories/2009/3328nvdVendor Advisory
osvdb.org/60496nvd
www.symantec.com/security_response/securityupdates/detail.jspnvd
exchange.xforce.ibmcloud.com/vulnerabilities/54415nvd
kb.altiris.com/article.aspnvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.058
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000