CVE-2010-0111

Sažetak

HDNLRSVC.EXE in the Intel Alert Handler service (aka Symantec Intel Handler service) in Intel Alert Management System (aka AMS or AMS2), as used in Symantec AntiVirus Corporate Edition (SAVCE) 10.x before 10.1 MR10, Symantec System Center (SSC) 10.x, and Symantec Quarantine Server 3.5 and 3.6, allows remote attackers to execute arbitrary programs by sending msgsys.exe a UNC share pathname, which is used directly in a CreateProcessA (aka CreateProcess) call.

Reference

http://secunia.com/advisories/43099
http://secunia.com/advisories/43106
http://securitytracker.com/id?1024997
http://www.securityfocus.com/bid/45935
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110126_01
http://www.vupen.com/english/advisories/2011/0234
http://www.zerodayinitiative.com/advisories/ZDI-11-029
https://exchange.xforce.ibmcloud.com/vulnerabilities/64942
https://exchange.xforce.ibmcloud.com/vulnerabilities/64943

CVSS

Base:	9.3
Impact:	10.0
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

17-08-2017 - 01:31

Objavljeno

31-01-2011 - 21:00