CVE-2009-3031

Symantec Altiris Deployment Solution and Notification Server - Stack-based Buffer Overflow via BrowseAndSaveFile Method

Exploitation Summary

EIP tracks 3 public exploits for CVE-2009-3031. PoCs were published by Metasploit, Nikolas Sotiriu, and Nikolas Sotiriu (lofi), including the Metasploit module exploits/windows/browser/symantec_consoleutilities_browseandsavefile.

AI-analyzed exploit summary: This exploit targets a stack buffer overflow in Symantec ConsoleUtilities ActiveX control via the 'BrowseAndSaveFile()' method. It delivers a payload through a malicious HTML page, leveraging a long string to overwrite the return address and execute arbitrary code.

Description

Stack-based buffer overflow in the BrowseAndSaveFile method in the Altiris eXpress NS ConsoleUtilities ActiveX control 6.0.0.1846 in AeXNSConsoleUtilities.dll in Symantec Altiris Notification Server (NS) 6.0 before R12, Deployment Server 6.8 and 6.9 in Symantec Altiris Deployment Solution 6.9 SP3, and Symantec Management Platform (SMP) 7.0 before SP3 allows remote attackers to execute arbitrary code via a long string in the second argument.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/16613

This exploit targets a stack buffer overflow in Symantec ConsoleUtilities ActiveX control via the 'BrowseAndSaveFile()' method. It delivers a payload through a malicious HTML page, leveraging a long string to overwrite the return address and execute arbitrary code.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Symantec ConsoleUtilities (AeXNSConsoleUtilities.dll 6.0.0.1846)
No auth needed
Prerequisites: Victim must visit a malicious webpage hosting the exploit · ActiveX control must be installed and enabled
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by Nikolas Sotiriu · ruby · remote · windows
https://www.exploit-db.com/exploits/9853

This Metasploit module exploits a stack-based buffer overflow in Symantec ConsoleUtilities ActiveX control via the 'BrowseAndSaveFile()' method. It delivers a payload through a malicious HTML page, leveraging a long string to overwrite the return address and execute arbitrary code.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Symantec ConsoleUtilities (AeXNSConsoleUtilities.dll 6.0.0.1846)
No auth needed
Prerequisites: Victim must visit a malicious webpage hosting the exploit · Target system must have the vulnerable ActiveX control installed
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC NORMAL
by Nikolas Sotiriu (lofi) · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/symantec_consoleutilities_browseandsavefile.rb

This Metasploit module exploits a stack buffer overflow in Symantec ConsoleUtilities ActiveX control via the 'BrowseAndSaveFile()' method. It delivers a malicious HTML page with VBScript to trigger the overflow and execute arbitrary code.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Symantec ConsoleUtilities (AeXNSConsoleUtilities.dll 6.0.0.1846)
No auth needed
Prerequisites: Victim must visit a malicious webpage hosting the exploit · ActiveX control must be installed and enabled
devstral-2 · analyzed Feb 19, 2026

References (7)

Core References
Exploit, Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/36698
Patch, Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/3117
Vendor Advisory x_refsource_confirm
https://kb.altiris.com/article.asp?article=49568&p=1
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/507625/100/0/threaded
Vendor Advisory x_refsource_confirm
https://kb.altiris.com/article.asp?article=49389&p=1

Scores

EPSS 0.4543
EPSS Percentile 98.6%

Details

CWE: CWE-119
Status: published
Products (4)
symantec/altiris_deployment_solution 6.9 (4 CPE variants)
symantec/altiris_management_platform 7.0 (2 CPE variants)
symantec/altiris_notification_server 6.0 (5 CPE variants)
symantec/altiris_notification_server 7.0 (2 CPE variants)
Published Nov 03, 2009
Tracked Since Feb 18, 2026