Symantec Alert Management System Intel File Transfer service command execution

Added: 05/06/2009 CVE: CVE-2009-1431 BID: 34675 OSVDB: 54160 Background The Symantec Alert Management System 2 AMS2 is used by multiple Symantec products. The Intel File Transfer service is a component of AMS2 which is used to aid communication between the core server and managed clients. It...

Symantec Alert Management System Intel File Transfer service command execution

Added: 05/06/2009 CVE: CVE-2009-1431 BID: 34675 OSVDB: 54160 Background The Symantec Alert Management System 2 AMS2 is used by multiple Symantec products. The Intel File Transfer service is a component of AMS2 which is used to aid communication between the core server and managed clients. It...

Symantec Alert Management System Intel File Transfer service command execution

Added: 05/06/2009 CVE: CVE-2009-1431 BID: 34675 OSVDB: 54160 Background The Symantec Alert Management System 2 AMS2 is used by multiple Symantec products. The Intel File Transfer service is a component of AMS2 which is used to aid communication between the core server and managed clients. It...

Symantec System Center (Symantec Client Security, Symantec Antivirus) code execution

Intel File Transfer service allows to execute any program with system privilegees without authentication via TCP/12174...

iDefense Security Advisory 04.29.09: Symantec System Center Alert Management System Console Arbitrary Program Execution Design Error Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 iDefense Security Advisory 04.28.09 http://labs.idefense.com/intelligence/vulnerabilities/ Apr 28, 2009 I. BACKGROUND Symantec System Center is an MMC Microsoft Management Console snap-in that allows an administrator to remotely manage Symantec...

Symantec杀毒软件Intel File Transfer服务任意代码执行漏洞

BUGTRAQ ID: 34675 CVECAN ID: CVE-2009-1431 Symantec AntiVirus是非常流行的杀毒解决方案。 Symantec杀毒软件产品中捆绑有Symantec System Center以便管理员远程管理Symantec产品。Symantec System Center包含有一个名为警告管理系统控制台的可选组件，该组件会在TCP 12174端口上启动Intel File Transfer服务（XFR.EXE）。如果远程攻击者向XFR.EXE服务发送了特制请求的话，服务会从请求中获取字符串并用作所要执行新进程的路径。...

CVE-2009-1431

XFR.EXE in the Intel File Transfer service in the console in Symantec Alert Management System 2 AMS2, as used in Symantec System Center SSS; Symantec AntiVirus Server; Symantec AntiVirus Central Quarantine Server; Symantec AntiVirus SAV Corporate Edition 9 before 9.0 MR7, 10.0 and 10.1 before 10....

Code injection

XFR.EXE in the Intel File Transfer service in the console in Symantec Alert Management System 2 AMS2, as used in Symantec System Center SSS; Symantec AntiVirus Server; Symantec AntiVirus Central Quarantine Server; Symantec AntiVirus SAV Corporate Edition 9 before 9.0 MR7, 10.0 and 10.1 before 10....