CVE-2009-3028

Symantec Altiris Deployment Solution/Notification Server - RCE via AeXNSPkgDLLib.dll


Exploitation Summary

EIP tracks 2 public exploits for CVE-2009-3028. PoCs were published by Metasploit and MC, including the Metasploit module exploits/windows/browser/symantec_altirisdeployment_downloadandinstall.

AI-analyzed exploit summary: This Metasploit module exploits CVE-2009-3028 in Symantec Altiris Deployment Solution by leveraging an ActiveX control to download and execute arbitrary files. It uses the `DownloadAndInstall` method in `AeXNSPkgDLLib.dll` to achieve remote code execution.

Description

The Altiris eXpress NS SC Download ActiveX control in AeXNSPkgDLLib.dll, as used in Symantec Altiris Deployment Solution 6.9.x, Notification Server 6.0.x, and Symantec Management Platform 7.0.x, exposes an unsafe method, which allows remote attackers to force the download of arbitrary files and possibly execute arbitrary code via the DownloadAndInstall method.

Exploits (2)

exploitdb · WORKING POC · VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/16600

This Metasploit module exploits CVE-2009-3028 in Symantec Altiris Deployment Solution by leveraging an ActiveX control to download and execute arbitrary files. It uses the `DownloadAndInstall` method in `AeXNSPkgDLLib.dll` to achieve remote code execution.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Symantec Altiris Deployment Solution 6.9 sp3
No auth needed
Prerequisites: Target must have the vulnerable ActiveX control installed and enabled · Target must visit a malicious webpage or open a malicious HTML file
devstral-2 · analyzed Feb 16, 2026
metasploit · WORKING POC · EXCELLENT
by MC · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/symantec_altirisdeployment_downloadandinstall.rb

This Metasploit module exploits CVE-2009-3028 by leveraging an unsafe ActiveX control (AeXNSPkgDLLib.dll) in Symantec Altiris Deployment Solution to download and execute arbitrary files. It hosts a malicious payload and tricks the victim into visiting a crafted HTML page that triggers the vulnerability.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Symantec Altiris Deployment Solution 6.9 sp3
No auth needed
Prerequisites: Victim must visit a malicious webpage · ActiveX control must be enabled in the victim's browser
devstral-2 · analyzed Feb 19, 2026

References (5)

Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/36346
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/57893
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/36679

Scores

EPSS 0.4260
EPSS Percentile 98.5%

Details

Status published
Products (3)
symantec/altiris_deployment_solution 6.9 (5 CPE variants)
symantec/altiris_notification_server 6.0 (18 CPE variants)
symantec/management_platform 7.0 (7 CPE variants)
Published Mar 07, 2011
Tracked Since Feb 18, 2026