Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The ListView control in the Client GUI (AClient.exe) in Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 allows local users to gain SYSTEM privileges and execute arbitrary commands via a "Shatter" style attack on the "command prompt" hidden GUI button to (1) overwrite the CommandLine parameter to cmd.exe to use SYSTEM privileges and (2) modify the DLL that is loaded using the LoadLibrary API function.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Symantec Altiris Deployment Solution客户端GUI本地权限提升漏洞
Vulnerability Description
Symantec Altiris Deployment Solution是自动化的操作系统部署解决方案,用于从统一的位置部署和管理服务器、桌面和笔记本等。 Altiris客户端GUI的主窗口有一个隐藏按键,该按键的标题为"命令提示符"。点击这个按键会导致GUI试图用以下命令行参数调用CreateProcess(): c:\Program Files\Altiris\AClient\cmd.exe 客户端GUI还有一个ListView控件,可用于覆盖进程内存。本地攻击者可以使用ListView覆盖静态指针,
CVSS Information
N/A
Vulnerability Type
N/A