Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiAnonymousZDI-11-029
HistoryJan 27, 2011 - 12:00 a.m.

Symantec AMS Intel Alert Handler Service CreateProcess Remote Code Execution Vulnerability

2011-01-2700:00:00
Anonymous
www.zerodayinitiative.com
12

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.326 Low

EPSS

Percentile

97.0%

JSON

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Alert Management System. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HDNLRSVC.EXE service while processing data sent from the msgsys.exe process which listens by default on TCP port 38292. This process passes user-supplied data directly to a CreateProcessA call. By supplying a UNC path to a controlled binary a remote attacker can execute arbitrary code under the context of the vulnerable daemon.

Related

checkpoint_advisories 1
cve 1
cvelist 2
prion 2
zdi 3
symantec 1
securityvulns 2
openvas 2
nessus 1
checkpoint_advisories
checkpoint_advisories
Symantec Antivirus Intel Alert Handler Service Denial of Service (CVE-2010-0111)
2011-02-20 00:00:00
cve
cve
CVE-2010-0111
2011-01-31 21:00:03
cvelist
cvelist
CVE-2010-0111
2011-01-31 20:00:00
CVE-2011-0688
2011-01-31 20:00:00
prion
prion
Code injection
2011-01-31 21:00:00
Information disclosure
2011-01-31 21:00:00
zdi
zdi
Symantec AMS Intel Alert Handler Pin Number Parsing Remote Code Execution Vulnerability
2011-01-27 00:00:00
Symantec Intel Alert Originator Service iao.exe Remote Code Execution Vulnerability
2011-01-27 00:00:00
Symantec AMS Intel Alert Handler Modem String Parsing Remote Code Execution Vulnerability
2011-01-27 00:00:00
symantec
symantec
Multiple Symantec Intel Alert Management System Arbitrary Message Creation or Denial of Service
2011-01-26 08:00:00
securityvulns
securityvulns
TELUS Security Labs VR - Symantec Antivirus Intel Alert Handler Service Denial of Service
2011-01-31 00:00:00
Symantec Antivirus Corporate Edition Alert Management Service code execution
2011-01-31 00:00:00
openvas
openvas
Symantec Intel Alert Management System Multiple Vulnerabilities
2011-02-07 00:00:00
Symantec Intel Alert Management System Multiple Vulnerabilities
2011-02-07 00:00:00
nessus
nessus
Symantec Alert Management System 2 Multiple Vulnerabilities (SYM11-002, SYM11-003)
2011-01-28 00:00:00

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.326 Low

EPSS

Percentile

97.0%

JSON
Related for ZDI-11-029
checkpoint_advisories1cve1cvelist2prion2zdi3symantec1securityvulns2openvas2nessus1