Schweregrad:: Kritisch
  CVE Kennungen:: CVE-2009-1431
  Hinweisdatum: 21 Juli 2015

  Beschreibung

XFR.EXE in the Intel File Transfer service in the console in Symantec Alert Management System 2 (AMS2), as used in Symantec System Center (SSS); Symantec AntiVirus Server; Symantec AntiVirus Central Quarantine Server; Symantec AntiVirus (SAV) Corporate Edition 9 before 9.0 MR7, 10.0 and 10.1 before 10.1 MR8, and 10.2 before 10.2 MR2; Symantec Client Security (SCS) 2 before 2.0 MR7 and 3 before 3.1 MR8; and Symantec Endpoint Protection (SEP) before 11.0 MR3, allows remote attackers to execute arbitrary code by placing the code on a (1) share or (2) WebDAV server, and then sending the UNC share pathname to this service.

  Trend Micro Lösungen

Apply associated Trend Micro DPI Rules.

  Lösungen

  Trend Micro Deep Security DPI Rule Number: 1003524
  Trend Micro Deep Security DPI Rule Name: 1003524 - Multiple Symantec Products Alert Management System Console Arbitrary Code Execution Vulnerability

  Betroffene Software und Version:

  • symantec antivirus -
  • symantec antivirus 10.0
  • symantec antivirus 10.0.1
  • symantec antivirus 10.0.1.1
  • symantec antivirus 10.0.2
  • symantec antivirus 10.0.2.1
  • symantec antivirus 10.0.2.2
  • symantec antivirus 10.0.3
  • symantec antivirus 10.0.4
  • symantec antivirus 10.0.5
  • symantec antivirus 10.0.6
  • symantec antivirus 10.0.7
  • symantec antivirus 10.0.8
  • symantec antivirus 10.0.9
  • symantec antivirus_central_quarantine_server
  • symantec client_security 2.0
  • symantec client_security 3.0
  • symantec client_security 3.0.0.359
  • symantec client_security 3.0.1.1000
  • symantec client_security 3.0.1.1001
  • symantec client_security 3.0.1.1007
  • symantec client_security 3.0.1.1008
  • symantec client_security 3.0.1.1009
  • symantec client_security 3.0.2
  • symantec client_security 3.0.2.2000
  • symantec client_security 3.0.2.2001
  • symantec client_security 3.0.2.2002
  • symantec client_security 3.0.2.2010
  • symantec client_security 3.0.2.2011
  • symantec client_security 3.0.2.2020
  • symantec client_security 3.0.2.2021
  • symantec client_security 3.1
  • symantec endpoint_protection 11.0
  • symantec system_center