CVE-2008-6827

HIGH

Symantec Altiris Deployment Solution - Missing Authentication

Title source: rule

Description

The ListView control in the Client GUI (AClient.exe) in Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 allows local users to gain SYSTEM privileges and execute arbitrary commands via a "Shatter" style attack on the "command prompt" hidden GUI button to (1) overwrite the CommandLine parameter to cmd.exe to use SYSTEM privileges and (2) modify the DLL that is loaded using the LoadLibrary API function.

Exploits (1)

nomisec STUB

by alt3kx · poc

https://github.com/alt3kx/CVE-2008-6827

View Code ZIP pw:eip

References (9)

Core 9

Core References

Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id?1021071

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=122460544316205&w=2

Broken Link, Patch, Vendor Advisory x_refsource_confirm

http://www.symantec.com/avcenter/security/Content/2008.10.20a.html

Broken Link, Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/31773

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/46006

Broken Link, Patch, Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2008/2876

Broken Link vdb-entry x_refsource_osvdb

http://osvdb.org/49426

Broken Link, Patch x_refsource_misc

http://www.insomniasec.com/advisories/ISVA-081020.1.htm

Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/31766

Scores

CVSS v3 7.8

EPSS 0.0156

EPSS Percentile 81.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-306

Status published

Products (2)

symantec/altiris_deployment_solution 6.9.355

symantec/altiris_deployment_solution 6.0 - 6.9.355

Published Jun 08, 2009

Tracked Since Feb 18, 2026