Symantec Alert Management System PIN number buffer overflow

2011-02-03T00:00:00
ID SAINT:C3BB87CF0CCCCAF7AC5BC0C6DECF2A50
Type saint
Reporter SAINT Corporation
Modified 2011-02-03T00:00:00

Description

Added: 02/03/2011
CVE: CVE-2010-0110
BID: 45936

Background

The Symantec Alert Management System 2 (AMS2) is used by multiple Symantec products. It includes an Intel Alert Handler service (hndlrsvc.exe). This service handles messages forwarded to it by the Alert Originator Manager, which listens on port 38292/TCP.

Problem

A buffer overflow vulnerability in **pagehndl.dll** allows remote attackers to execute arbitrary commands by sending a specially crafted PIN number to **msgsys.exe** through the Intel Alert Handler service.

Resolution

See Symantec Security Advisory SYM11-002 for fix information.

References

<http://www.zerodayinitiative.com/advisories/ZDI-11-031/>

Limitations

Exploit works on Symantec System Center 10.1.8.8000.

Platforms

Windows