CVE-2005-1590

Severity

46%

Complexity

39%

Confidentiality

106%

The Altiris Client Service for Windows (ACLIENT.EXE) 6.0.88 allows local users to disable password protection and access the administrative interface by finding and showing the "Altiris Client Service" hidden window, disabling the password protection, disabling the "Hide client tray icon box" option, then opening the AClient tray icon and using the View Log File option, a different vulnerability than CVE-2004-2070.

The Altiris Client Service for Windows (ACLIENT.EXE) 6.0.88 allows local users to disable password protection and access the administrative interface by finding and showing the "Altiris Client Service" hidden window, disabling the password protection, disabling the "Hide client tray icon box" option, then opening the AClient tray icon and using the View Log File option, a different vulnerability than CVE-2004-2070.

CVSS 2.0 Base Score 4.6. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P).

Overview

Type

Altiris

First reported 19 years ago

2005-05-16 04:00:00

Last updated 16 years ago

2008-09-05 20:49:00

Affected Software

Altiris Client Service 6.0.88

6.0.88

Altiris Deployment Solution 5.6 SP1

5.6

Altiris Deployment Solution 5.6.181

5.6.181

Altiris Deployment Solution 6

6.0

References

20050427 Privilege escalation and password protection bypass in Altiris Client Service for Windows (Version 6.0.88)

Exploit, Vendor Advisory

15159

Vendor Advisory

15897

Exploit, Vendor Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.