The Symantec Alert Management System 2 (AMS2) is used by multiple Symantec products. It includes an Intel Alert Handler service (hndlrsvc.exe). This service handles messages forwarded to it by the Alert Originator Manager, which listens on port 38292/TCP.
A buffer overflow vulnerability in the pagehndl.dll module allows a remote attacker to execute arbitrary commands by sending a long, specially crafted modem string to the Intel Alert Handler.
Apply the patch referenced in SYM11-002.
Exploit works on Symantec System Center 10.1.8.8000 on Windows Server 2003 SP2 with patches KB956802 and KB956572.