Check Point Reference: CPAI-2009-303
Date Published: 16 Dec 2009
Severity: Critical
Last Updated: Wednesday 16 December, 2009
Source:
Industry Reference: CVE-2009-3031, CVE-2009-3033
Protection Provided by: Security Gateway
Who is Vulnerable?
Vulnerability Description

Symantec Altiris Deployment Solution software provides tools to deploy software on desktops and servers. It runs on Windows platforms, offering Operating System (OS) deployment, configuration, software deployment across hardware platforms and OS types, among other tasks. This product can be used remotely to mass-deploy an image of a reference installation (OS and applications) to new and existing systems. Symantec Altiris Deployment Solution also allows the management of drivers and software updates as well as provision for advanced automation and customized scripting for different deployment tasks.

A stack buffer overflow vulnerability exists in multiple Symantec products. The vulnerability is due to an error in the AeXNSConsoleUtilities.dll ActiveX control. This vulnerability can be exploited by remote attackers to execute arbitrary code on the target system by enticing the user into visiting a specially crafted web page.

In an attack scenario, where arbitrary code is injected and executed on the target system, the behaviour of the target is dependent on the intention of the malicious code. The injected code will be run with privileges of the currently logged on user. If such an attack is not executed successfully, the vulnerable application may terminate as a result of invalid memory access.

This protection will detect and block the vulnerable ActiveX control.
To activate the protection, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click the Protection tab, and select the version of your choice.
This protection's log will contain the following information:
Attack Name: Web Client Enforcement Violation.
Attack Information: Symantec multiple products AeXNSConsoleUtilities buffer overflow