Symantec Intel Alert Management System Message Handling Multiple Code Execution Vulnerabilities
Gravité: : Critique
Identifiant(s) CVE: : CVE-2010-0111
Date du conseil: 21 juillet 2015
Description
HDNLRSVC.EXE in the Intel Alert Handler service (aka Symantec Intel Handler service) in Intel Alert Management System (aka AMS or AMS2), as used in Symantec AntiVirus Corporate Edition (SAVCE) 10.x before 10.1 MR10, Symantec System Center (SSC) 10.x, and Symantec Quarantine Server 3.5 and 3.6, allows remote attackers to execute arbitrary programs by sending msgsys.exe a UNC share pathname, which is used directly in a CreateProcessA (aka CreateProcess) call.
Information Exposure Rating:
Apply associated Trend Micro DPI Rules.
Solutions
Trend Micro Deep Security DPI Rule Number: 1004599
Trend Micro Deep Security DPI Rule Name: 1004599 - Symantec Intel Alert Management System Message Handling Multiple Code Execution Vulnerabilities
Affected software and version:
- symantec antivirus 10.0
- symantec antivirus 10.0.1
- symantec antivirus 10.0.1.1
- symantec antivirus 10.0.1.2
- symantec antivirus 10.0.2
- symantec antivirus 10.0.2.1
- symantec antivirus 10.0.2.2
- symantec antivirus 10.0.3
- symantec antivirus 10.0.4
- symantec antivirus 10.0.5
- symantec antivirus 10.0.6
- symantec antivirus 10.0.7
- symantec antivirus 10.0.8
- symantec antivirus 10.0.9
- symantec antivirus 10.1
- symantec antivirus 10.1.0.1
- symantec antivirus 10.1.4
- symantec antivirus 10.1.4.1
- symantec antivirus 10.1.5
- symantec antivirus 10.1.5.1
- symantec antivirus 10.1.6
- symantec antivirus 10.1.6.1
- symantec antivirus 10.1.7
- symantec antivirus 10.1.8
- symantec antivirus 10.1.9
- symantec antivirus 10.2
- symantec antivirus_central_quarantine_server 3.5
- symantec antivirus_central_quarantine_server 3.6
- symantec system_center 10.0
- symantec system_center 10.1