Symantec Products Alert Management System 2 Multiple Vulnerabilities
RISK: Medium Risk
Multiple vulnerabilities have been identified in various Symantec products, which could be exploited by remote attackers to compromise a vulnerable system.
1. An error in the Intel LANDesk Common Base Agent (CBA) using data sent to port 12174 as an argument to "CreateProcessA()", which could allow remote attackers to inject and execute arbitrary code with SYSTEM privileges.
2. A stack overflow error in the Intel Alert Originator Service (IAO.EXE) when processing specially crafted packets, which could allow attackers to execute arbitrary code.
3. A stack overflow error in the Intel Alert Originator Service (IAO.EXE) when processing data received from the "MsgSys.exe" process, which could allow attackers to execute arbitrary code.
4. A design error in the Intel File Transfer service (XFR.EXE), which could allow attackers to execute arbitrary code by placing a malicious executable on a fileshare or WebDav server, and then sending the UNC path to XFR.EXE.
Impact
- Remote Code Execution
System / Technologies affected
- Symantec AntiVirus Corporate Edition version 9.0 MR6 and prior
- Symantec AntiVirus Corporate Edition version 10.0 (all versions)
- Symantec AntiVirus Corporate Edition version 10.1 MR7 and prior
- Symantec AntiVirus Corporate Edition version 10.2 MR1 and prior
- Symantec Client Security version 2.0 MR6 and prior
- Symantec Client Security version 3.0 (all versions)
- Symantec Client Security version 3.1 MR7 and prior
- Symantec Endpoint Protection version 11.0 MR2 and prior
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
Update to the latest versions.
Symantec AntiVirus Corporate Edition:
Update to SAV 9.0 MR7, SAV 10.1 MR8, or SAV 10.2 MR2.Symantec Client Security:
Update to SCS 2.0 MR7 or SCS 3.1 MR8.Symantec Endpoint Protection:
Update to SEP 11.0 MR3.
Vulnerability Identifier
Source
Share with