漏洞类别:Local
漏洞等级: 
漏洞信息
Ghost Solution Suite is a software solution for imaging and deploying desktops, laptops, tablets and servers.
Ghost Solution Suite is vulnerable to a DLL loading issue which can allow an attacker to execute arbitrary code with elevated privileges.
Affected Version:
Ghost Solutions Suite prior to version 3.1 MP4.
QID Detection Logic (authenticated):
The QID checks flags as vulnerable if the version of the file DeployAnywhere.exe found to be is older than 12.0.0.10519. The file location is <InstallPath>\Ghost\ DeployAnywhere.exe. The intall path is determined using the registry key "HKLM\SOFTWARE\Altiris\eXpress" value "InstallDir".
漏洞危害
Successful exploitation of the vulnerability will allow an attacker to execute arbitrary code with elevated privileges.
解决方案
For more information, customers are advised to refer the vendor advisory SYM16-020.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0daybank
文章评论