SAINT Corporation
SAINT:B3E1C9503AC25E7B1B43AA582DF4A1E7
May 05, 2009 - 12:00 a.m.

Symantec Alert Management System Intel Alert Originator Service msgsys.exe buffer overflow

my.saintcorporation.com

CVSS2: 9.3 High
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.972 High
Percentile: 99.8%

Added: 05/05/2009
CVE: CVE-2009-1430
BID: 34674
OSVDB: 54159

Background

The Symantec Alert Management System 2 (AMS2) is used by multiple Symantec products. The Intel Alert Originator (IAO) service is a component of AMS2. The **msgsys.exe** process is a preprocessor for the IAO service and listens on TCP port 38292.

Problem

A buffer overflow vulnerability in the **msgsys.exe** process allows remote attackers to execute arbitrary commands by sending it a long, specially crafted request.

Resolution

Apply one of the solutions shown in SYM09-007.

References

<http://www.zerodayinitiative.com/advisories/ZDI-09-018/>

Limitations

Exploit works on Symantec Alert Management System Intel Alert Originator Service 6.12.0.130E.

Platforms

Windows 2000
Windows Server 2003
