Altiris Altiris.AeXNSPkgDL.1 ActiveX Control DownloadAndInstall() Method Arbitrary Code Execution
High Nessus Plugin ID 41062
Synopsis
The remote Windows host has an ActiveX control that allows execution of arbitrary code.
Description
The Altiris.AeXNSPkgDL.1 ActiveX control, a component of Altiris Deployment Solution, Altiris Notification Server, and Symantec Management Platform, is installed on the remote Windows host.
The installed version of this control provides an unsafe method, named 'DownloadAndInstall'.
If an attacker can trick a user on the affected host into viewing a specially crafted HTML document, this issue could be leveraged to download and execute arbitrary code on the affected system subject to the user's privileges.
Solution
Either set the kill bit or apply the vendor's hotfix to upgrade the control to version 184.108.40.2060 or later.
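To confirm the kill-bit remediation on a host, the following PowerShell check (an added example, not part of the Nessus plugin or vendor guidance) resolves the ProgID named above to its CLSID and reports whether the 0x400 kill-bit flag is set in each registry view. The function name Get-KillBitStatus is hypothetical; the registry locations are the standard Windows ones for ActiveX compatibility flags.

```powershell
# Added example: audit the Internet Explorer kill bit for one ActiveX ProgID.
# Get-KillBitStatus is a hypothetical helper name, not a built-in cmdlet.
function Get-KillBitStatus {
    param([Parameter(Mandatory)][string]$ProgId)

    $killBit = 0x400   # kill-bit flag inside the "Compatibility Flags" DWORD

    # Resolve the ProgID to its CLSID; the CLSID is the default value of <ProgID>\CLSID.
    $progKey = Get-Item -LiteralPath "Registry::HKEY_CLASSES_ROOT\$ProgId\CLSID" -ErrorAction SilentlyContinue
    if (-not $progKey) {
        return [pscustomobject]@{
            ProgId = $ProgId; Clsid = $null; View = $null; Flags = $null
            Status = 'ControlNotRegistered'
        }
    }
    $clsid = $progKey.GetValue('')

    # A 64-bit host keeps separate compatibility keys for 64-bit and 32-bit
    # browsers; the kill bit has to be present in every view that exists.
    $views = [ordered]@{
        'native' = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility'
        'WOW64'  = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
    }

    foreach ($view in $views.GetEnumerator()) {
        # The WOW64 view does not exist on 32-bit Windows; skip it there.
        if (-not (Test-Path -LiteralPath $view.Value)) { continue }

        $key   = Get-Item -LiteralPath "$($view.Value)\$clsid" -ErrorAction SilentlyContinue
        $flags = if ($key) { $key.GetValue('Compatibility Flags') } else { $null }
        $isSet = ($null -ne $flags) -and (([int]$flags -band $killBit) -ne 0)

        [pscustomobject]@{
            ProgId = $ProgId
            Clsid  = $clsid
            View   = $view.Key
            Flags  = if ($null -ne $flags) { '0x{0:X8}' -f [int]$flags } else { $null }
            Status = if ($isSet) { 'KillBitSet' } else { 'KillBitMissing' }
        }
    }
}

Get-KillBitStatus -ProgId 'Altiris.AeXNSPkgDL.1' | Format-Table -AutoSize
```

A 'KillBitMissing' row in any view means the control is registered and can still be instantiated by a browser using that view, so the host needs either the kill bit set there or the vendor hotfix.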