Vulnerability Details : CVE-2008-6827
The ListView control in the Client GUI (AClient.exe) in Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 allows local users to gain SYSTEM privileges and execute arbitrary commands via a "Shatter" style attack on the "command prompt" hidden GUI button to (1) overwrite the CommandLine parameter to cmd.exe to use SYSTEM privileges and (2) modify the DLL that is loaded using the LoadLibrary API function.
Products affected by CVE-2008-6827
- cpe:2.3:a:symantec:altiris_deployment_solution:*:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:altiris_deployment_solution:6.9.355:-:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2008-6827
- EPSS score: 0.06% (probability of exploitation activity in the next 30 days)
- Percentile: ~29% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2008-6827
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8 | MEDIUM | AV:L/AC:L/Au:S/C:C/I:C/A:C | 3.1 | 10.0 | NIST | |
7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST | 2024-02-14 |
CWE ids for CVE-2008-6827
- Assigned by: nvd@nist.gov (Primary)
- The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-6827
- http://marc.info/?l=bugtraq&m=122460544316205&w=2
  'Insomnia : ISVA-081020.1 - Altiris Deployment Server Agent - Privilege Escalation' - MARC. Tags: Mailing List
- http://www.vupen.com/english/advisories/2008/2876
  Tags: Broken Link; Patch; Vendor Advisory
- http://www.securitytracker.com/id?1021071
  Tags: Broken Link; Third Party Advisory; VDB Entry
- http://secunia.com/advisories/31773
  Tags: Broken Link; Vendor Advisory
- http://www.symantec.com/avcenter/security/Content/2008.10.20a.html
  Tags: Broken Link; Patch; Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46006
  Symantec Altiris Deployment Solution Client GUI privilege escalation CVE-2008-6827 Vulnerability Report. Tags: Third Party Advisory; VDB Entry
- http://www.securityfocus.com/bid/31766
  Tags: Broken Link; Third Party Advisory; VDB Entry
- http://www.insomniasec.com/advisories/ISVA-081020.1.htm
  Tags: Broken Link; Patch
- http://osvdb.org/49426
  Tags: Broken Link