header-logo
Suggest Exploit
vendor:
Altiris Deployment Solution Client
by:
7.5
CVSS
HIGH
Privilege Escalation
269
CWE
Product Name: Altiris Deployment Solution Client
Affected Version From: 5.6 SP1 (Hotfix E)
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested: Windows

Altiris Deployment Solution Client Privilege Escalation

A local user can exploit the Altiris Deployment Solution Client interface to escalate privileges.

Mitigation:

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/11709/info

Altiris Deployment Solution Client allows a user to activate the client interface by easily launching the software from an icon in the Windows system tray. It is reported that a local user may exploit the client interface to escalate privileges.

It should be noted that although this vulnerability is reported to exist in Altiris Deployment Solution version 5.6 SP1 (Hotfix E) other versions might also be affected.

1. Right click on the Altiris Client Service icon in the Taskbar and choose View Log File
2. Notepad should open. Click File, click Open
3. In the Files of type: field choose All Files
4. Navagate to '%WINDIR%\System32'. Right click on 'cmd.exe' and choose Open
6. A new command shell with launch with SYSTEM privileges