Added: 12/01/2011
CVE: CVE-2010-0110
BID: 45936
OSVDB: 72623
The Symantec Alert Management System 2 (AMS2) is used by multiple Symantec products. It includes an Intel Alert Handler service (**hndlrsvc.exe**
). This service handles messages forwarded to it by the Alert Originator Manager (**msgsys.exe**
), which listens on port 38292/TCP.
A stack buffer overflow vulnerability in the **AMSLIB.dll**
module of the Intel Alert Handler service allows a remote attacker to execute arbitrary commands by sending a long, specially crafted string to the Alert Originator Manager.
Apply the patch referenced in SYM11-002.
<http://www.zerodayinitiative.com/advisories/ZDI-11-028/>
Exploit works on Symantec System Center 10.1.8.8000 on Microsoft Windows Server 2003 SP2 English (DEP OptOut) with KB956802 and KB2393802.
Windows Server 2003