Multiple Symantec Products Alert Management System Console Arbitrary Code Execution Vulnerability
Publish Date: 21 Juli 2015
Schweregrad:: Kritisch
CVE Kennungen:: CVE-2009-1431
Hinweisdatum: 21 Juli 2015
Beschreibung
XFR.EXE in the Intel File Transfer service in the console in Symantec Alert Management System 2 (AMS2), as used in Symantec System Center (SSS); Symantec AntiVirus Server; Symantec AntiVirus Central Quarantine Server; Symantec AntiVirus (SAV) Corporate Edition 9 before 9.0 MR7, 10.0 and 10.1 before 10.1 MR8, and 10.2 before 10.2 MR2; Symantec Client Security (SCS) 2 before 2.0 MR7 and 3 before 3.1 MR8; and Symantec Endpoint Protection (SEP) before 11.0 MR3, allows remote attackers to execute arbitrary code by placing the code on a (1) share or (2) WebDAV server, and then sending the UNC share pathname to this service.
Trend Micro Lösungen
Apply associated Trend Micro DPI Rules.
Lösungen
Trend Micro Deep Security DPI Rule Number: 1003524
Trend Micro Deep Security DPI Rule Name: 1003524 - Multiple Symantec Products Alert Management System Console Arbitrary Code Execution Vulnerability
Betroffene Software und Version:
- symantec antivirus -
- symantec antivirus 10.0
- symantec antivirus 10.0.1
- symantec antivirus 10.0.1.1
- symantec antivirus 10.0.2
- symantec antivirus 10.0.2.1
- symantec antivirus 10.0.2.2
- symantec antivirus 10.0.3
- symantec antivirus 10.0.4
- symantec antivirus 10.0.5
- symantec antivirus 10.0.6
- symantec antivirus 10.0.7
- symantec antivirus 10.0.8
- symantec antivirus 10.0.9
- symantec antivirus_central_quarantine_server
- symantec client_security 2.0
- symantec client_security 3.0
- symantec client_security 3.0.0.359
- symantec client_security 3.0.1.1000
- symantec client_security 3.0.1.1001
- symantec client_security 3.0.1.1007
- symantec client_security 3.0.1.1008
- symantec client_security 3.0.1.1009
- symantec client_security 3.0.2
- symantec client_security 3.0.2.2000
- symantec client_security 3.0.2.2001
- symantec client_security 3.0.2.2002
- symantec client_security 3.0.2.2010
- symantec client_security 3.0.2.2011
- symantec client_security 3.0.2.2020
- symantec client_security 3.0.2.2021
- symantec client_security 3.1
- symantec endpoint_protection 11.0
- symantec system_center