https://www.exploit-db.com/exploits/24754
https://www.securityfocus.com/bid/89969
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200505-1067

Windows(ACLIENT.EXE)6.0.88的AltirisClientService允许本地用户通过查出并显示”AltirisClientService”隐藏窗口，禁用密码保护，禁用”Hideclienttrayiconbox”选项，再打开AClienttray图标并使用ViewLogFile选项，来禁用密码保护并访问管理员界面。是不同于CVE-2004-2070的漏洞。

source: http://www.securityfocus.com/bid/11709/info

Altiris Deployment Solution Client allows a user to activate the client interface by easily launching the software from an icon in the Windows system tray. It is reported that a local user may exploit the client interface to escalate privileges.

It should be noted that although this vulnerability is reported to exist in Altiris Deployment Solution version 5.6 SP1 (Hotfix E) other versions might also be affected.

1. Right click on the Altiris Client Service icon in the Taskbar and choose View Log File
2. Notepad should open. Click File, click Open
3. In the Files of type: field choose All Files
4. Navagate to '%WINDIR%System32'. Right click on 'cmd.exe' and choose Open
6. A new command shell with launch with SYSTEM privileges

Altiris Client Service 6.0.88 Windows

+

Altiris Client Management Suite

来源:OSVDB
名称:15897
链接:http://www.osvdb.org/15897
来源:SECUNIA
名称:15159
链接:http://secunia.com/advisories/15159
来源:FULLDISC
名称:20050427PrivilegeescalationandpasswordprotectionbypassinAltirisClientServiceforWindows(Version6.0.88)
链接:http://archives.neohapsis.com/archives/fulldisclosure/2005-04/0614.html