| Check Point Reference: |
CPAI-2010-170 |
| Date Published: |
24 Sep 2010 |
| Severity: |
Critical
|
| Last Updated: |
Friday 01 January, 2010 |
| Source: |
Discoverer's advisory |
| Protection Provided by: |
|
| Who is Vulnerable? | Symantec Antivirus Corporate Edition 10.1.8.8000 and prior
Symantec Systems Center 10.1.8.8000 and prior
Symantec Client Security 3.1.8 and prior |
| Vulnerability Description |
An arbitrary command execution vulnerability exists in Symantec Alert Management System (AMS2) service shipped with multiple Symantec products. The AMS service starts an alert handler service, HNDLRSVC, that listens for commands from the AMS server. The service does not perform proper authentication checks before executing such commands. Remote attackers can exploit this vulnerability by sending a crafted packet to the target system, potentially leading to remote code execution. |
| Update/Patch Avaliable | The vendor has not released an advisory addressing this issue. |
| Vulnerability Details | A design weakness vulnerability exists in Symantec alert handler service, HNDLRSVC, installed by the Alert Management System. Remote attackers can exploit this vulnerability by sending a crafted packet to the service. The affected service will also allow attackers to run programs from a remote network share. |
Feedback