PRIOn knowledge basePRION:CVE-2010-3268Cross site request forgery (csrf)
7 High
AI Score
Confidence
High
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.854 High
EPSS
Percentile
98.5%
The GetStringAMSHandler function in prgxhndl.dll in hndlrsvc.exe in the Intel Alert Handler service (aka Symantec Intel Handler service) in Intel Alert Management System (AMS), as used in Symantec Antivirus Corporate Edition 10.1.4.4010 on Windows 2000 SP4 and Symantec Endpoint Protection before 11.x, does not properly validate the CommandLine field of an AMS request, which allows remote attackers to cause a denial of service (application crash) via a crafted request.
References
secunia.com/advisories/42593
secunia.com/advisories/43099
www.coresecurity.com/content/symantec-intel-handler-service-remote-dos
www.securityfocus.com/archive/1/515191/100/0/threaded
www.securityfocus.com/bid/45936
www.securitytracker.com/id?1024866
www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110126_00
www.vupen.com/english/advisories/2010/3206
www.vupen.com/english/advisories/2011/0234
exchange.xforce.ibmcloud.com/vulnerabilities/64028
Related
7 High
AI Score
Confidence
High
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.854 High
EPSS
Percentile
98.5%