{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"Symantec Altiris Deployment Solution versions 6.9.x ;","product":{"name":"N/A","vendor":{"name":"Symantec","scada":false}}},{"description":"Symantec Altiris Notification Server versions 6.0.x ;","product":{"name":"N/A","vendor":{"name":"Symantec","scada":false}}},{"description":"Symantec Management Platform versions 7.0.x.","product":{"name":"N/A","vendor":{"name":"Symantec","scada":false}}}],"affected_systems_content":null,"content":"## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans un contr\u00f4le ActiveX, appel\u00e9\nAeXNSConsoleUtilities.dll, li\u00e9 \u00e0 Symantec Altiris. Ce fichier est\nt\u00e9l\u00e9charg\u00e9 lors de la premi\u00e8re connexion \u00e0 la console Web\nd'administration du serveur. L'exploitation de cette vuln\u00e9rabilit\u00e9, qui\nn\u00e9cessite une interaction avec un utilisateur, permet l'ex\u00e9cution de\ncode arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2009-3031","url":"https://www.cve.org/CVERecord?id=CVE-2009-3031"}],"links":[],"reference":"CERTA-2009-AVI-467","revisions":[{"description":"version initiale.","revision_date":"2009-11-03T00:00:00.000000"}],"risks":[{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"}],"summary":"Une vuln\u00e9rabilit\u00e9 dans <span class=\"textit\">Symantec Altiris</span>\npermet d'ex\u00e9cuter du code arbitraire \u00e0 distance.\n","title":"Vuln\u00e9rabilit\u00e9 dans Symantec Altiris","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Symantec SYM09-015 du 02 novembre 2009","url":"http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&suid=20091102_00"}]}