The Symantec Alert Management System 2 (AMS2) is used by multiple Symantec products. It includes an Intel Alert Handler service (hndlrsvc.exe). This service handles messages forwarded to it by the Alert Originator Manager, which listens on port 38292/TCP.
A buffer overflow vulnerability in
**pagehndl.dll** allows remote attackers to execute arbitrary commands by sending a specially crafted PIN number to
**msgsys.exe** through the Intel Alert Handler service.
See Symantec Security Advisory SYM11-002 for fix information.
Exploit works on Symantec System Center 10.1.8.8000.