Severity: : Critical
  CVE Kennungen: : CVE-2009-1431
  Advisory Date: 21 de июля de 2015

  DESCRIPTION

XFR.EXE in the Intel File Transfer service in the console in Symantec Alert Management System 2 (AMS2), as used in Symantec System Center (SSS); Symantec AntiVirus Server; Symantec AntiVirus Central Quarantine Server; Symantec AntiVirus (SAV) Corporate Edition 9 before 9.0 MR7, 10.0 and 10.1 before 10.1 MR8, and 10.2 before 10.2 MR2; Symantec Client Security (SCS) 2 before 2.0 MR7 and 3 before 3.1 MR8; and Symantec Endpoint Protection (SEP) before 11.0 MR3, allows remote attackers to execute arbitrary code by placing the code on a (1) share or (2) WebDAV server, and then sending the UNC share pathname to this service.

  INFORMATION EXPOSURE

Apply associated Trend Micro DPI Rules.

  SOLUTION

  Trend Micro Deep Security DPI Rule Number: 1003524
  Trend Micro Deep Security DPI Rule Name: 1003524 - Multiple Symantec Products Alert Management System Console Arbitrary Code Execution Vulnerability

  AFFECTED SOFTWARE AND VERSION:

  • symantec antivirus -
  • symantec antivirus 10.0
  • symantec antivirus 10.0.1
  • symantec antivirus 10.0.1.1
  • symantec antivirus 10.0.2
  • symantec antivirus 10.0.2.1
  • symantec antivirus 10.0.2.2
  • symantec antivirus 10.0.3
  • symantec antivirus 10.0.4
  • symantec antivirus 10.0.5
  • symantec antivirus 10.0.6
  • symantec antivirus 10.0.7
  • symantec antivirus 10.0.8
  • symantec antivirus 10.0.9
  • symantec antivirus_central_quarantine_server
  • symantec client_security 2.0
  • symantec client_security 3.0
  • symantec client_security 3.0.0.359
  • symantec client_security 3.0.1.1000
  • symantec client_security 3.0.1.1001
  • symantec client_security 3.0.1.1007
  • symantec client_security 3.0.1.1008
  • symantec client_security 3.0.1.1009
  • symantec client_security 3.0.2
  • symantec client_security 3.0.2.2000
  • symantec client_security 3.0.2.2001
  • symantec client_security 3.0.2.2002
  • symantec client_security 3.0.2.2010
  • symantec client_security 3.0.2.2011
  • symantec client_security 3.0.2.2020
  • symantec client_security 3.0.2.2021
  • symantec client_security 3.1
  • symantec endpoint_protection 11.0
  • symantec system_center