CVE-2008-6827

HIGH

Symantec Altiris Deployment Solution 6.0-6.9.355 - Local Privilege Escalation via Shatter Attack on AClient.exe

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-6827. PoCs published by alt3kx.

AI-analyzed exploit summary The repository contains only a README with minimal information about CVE-2008-6827, referencing an Exploit-DB entry but lacking any actual exploit code or technical details.

Description

The ListView control in the Client GUI (AClient.exe) in Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 allows local users to gain SYSTEM privileges and execute arbitrary commands via a "Shatter" style attack on the "command prompt" hidden GUI button to (1) overwrite the CommandLine parameter to cmd.exe to use SYSTEM privileges and (2) modify the DLL that is loaded using the LoadLibrary API function.

Exploits (1)

nomisec STUB
by alt3kx · poc
https://github.com/alt3kx/CVE-2008-6827

The repository contains only a README with minimal information about CVE-2008-6827, referencing an Exploit-DB entry but lacking any actual exploit code or technical details.

Classification
Stub 90%
Attack Type
Lpe
Complexity
Theoretical
Reliability
Theoretical
Target: Symantec Altiris Client Service 6.8.378
No auth needed
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (9)

Core 9
Core References
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1021071
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=122460544316205&w=2
Broken Link, Patch, Vendor Advisory x_refsource_confirm
http://www.symantec.com/avcenter/security/Content/2008.10.20a.html
Broken Link, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31773
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/46006
Broken Link, Patch, Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2876
Broken Link vdb-entry x_refsource_osvdb
http://osvdb.org/49426
Broken Link, Patch x_refsource_misc
http://www.insomniasec.com/advisories/ISVA-081020.1.htm
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/31766

Scores

CVSS v3 7.8
EPSS 0.0108
EPSS Percentile 60.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-306
Status published
Products (2)
symantec/altiris_deployment_solution 6.9.355
symantec/altiris_deployment_solution 6.0 - 6.9.355
Published Jun 08, 2009
Tracked Since Feb 18, 2026