• Symantec Altiris Deployment Solution ActiveX Control Buffer Overflow
    Disclosure Date: 2009-11-04
    First seen: 2020-04-26
    exploit/windows/browser/symantec_altirisdeployment_runcmd
    This module exploits a stack buffer overflow in Symantec Altiris Deployment Solution. When sending an overly long string to RunCmd() method of AeXNSConsoleUtilities.dll (6.0.0.1426) an attacker may be able to execute arbitrary code. Authors: - MC <mc@metasploit.com>
  • Symantec ConsoleUtilities ActiveX Control Buffer Overflow
    Disclosure Date: 2009-11-02
    First seen: 2020-04-26
    exploit/windows/browser/symantec_consoleutilities_browseandsavefile
    This module exploits a stack buffer overflow in Symantecs ConsoleUtilities. By sending an overly long string to the "BrowseAndSaveFile()" method located in the AeXNSConsoleUtilities.dll (6.0.0.1846) Control, an attacker may be able to execute arbitrary code Authors: - Nikolas Sotiriu (lofi)
  • Symantec Altiris Deployment Solution ActiveX Control Arbitrary File Download and Execute
    Disclosure Date: 2009-09-09
    First seen: 2020-04-26
    exploit/windows/browser/symantec_altirisdeployment_downloadandinstall
    This module allows remote attackers to install and execute arbitrary files on a users file system via AeXNSPkgDLLib.dll (6.0.0.1418). This module was tested against Symantec Altiris Deployment Solution 6.9 sp3. Authors: - MC <mc@metasploit.com>
  • Symantec Altiris DS SQL Injection
    Disclosure Date: 2008-05-15
    First seen: 2020-04-26
    exploit/windows/misc/altiris_ds_sqli
    This module exploits a SQL injection flaw in Symantec Altiris Deployment Solution 6.8 to 6.9.164. The vulnerability exists on axengine.exe which fails to adequately sanitize numeric input fields in "UpdateComputer" notification Requests. In order to spawn a shell, several SQL injections are required in close succession, first to enable xp_cmdshell, then retrieve the payload via TFTP and finally execute it. The module also has the capability to disable or enable local application authentication. In order to work the target system must have a tftp client available. Authors: - Brett Moore - 3v0lver
4 metasploit modules found
Please note: Metasploit modules are only matched by CVE numbers. Visit metasploit web site for more details
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!