CVE-2010-3268:antivirus, intel_alert_management_system, endpoint_protection: The GetStringAMSHandler function in prgxhndl.dll in...

VRDA Feed by

Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis

[ about VRDA Feed | JPCERT/CC ]

Vulnerability Analysis Result (Revision No : 1)

[ Download XML ]

CVE-2010-3268

antivirus, intel_alert_management_system, endpoint_protection: The GetStringAMSHandler function in prgxhndl.dll in...

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3268

Original

The GetStringAMSHandler function in prgxhndl.dll in hndlrsvc.exe in the Intel Alert Handler service (aka Symantec Intel Handler service) in Intel Alert Management System (AMS), as used in Symantec Antivirus Corporate Edition 10.1.4.4010 on Windows 2000 SP4 and Symantec Endpoint Protection before 11.x, does not properly validate the CommandLine field of an AMS request, which allows remote attackers to cause a denial of service (application crash) via a crafted request.

Translation (Show)

About This Analysis Information

Analysis Information Provider:

NIST NVD

First Published:

2010-12-22

Source Information Category:

Advisory, Alert

Last Updated:

2010-12-23

Affected Product Tags

cpe:/a:intel:intel_alert_management_system

cpe:/a:symantec:antivirus:10.1.4.4010::corporate

cpe:/a:symantec:endpoint_protection:11.0

cpe:/a:symantec:endpoint_protection:11.0.1

cpe:/a:symantec:endpoint_protection:11.0.1:mp1

cpe:/a:symantec:endpoint_protection:11.0.1:mp2

cpe:/a:symantec:endpoint_protection:11.0.2

cpe:/a:symantec:endpoint_protection:11.0.2:mp1

cpe:/a:symantec:endpoint_protection:11.0.2:mp2

cpe:/a:symantec:endpoint_protection:11.0.3001

cpe:/a:symantec:endpoint_protection:11.0.4

cpe:/a:symantec:endpoint_protection:11.0.4:mp1a

cpe:/a:symantec:endpoint_protection:11.0.4:mp2

cpe:/a:symantec:endpoint_protection:11.0:rtm

cpe:/a:symantec:endpoint_protection:11.0:ru5

cpe:/a:symantec:endpoint_protection:11.0:ru6

cpe:/a:symantec:endpoint_protection:11.0:ru6a

cpe:/a:symantec:endpoint_protection:11.0:ru6mp1

cpe:/a:symantec:endpoint_protection:11.0:ru6mp2

cpe:/o:microsoft:windows:2000:sp4

Vulnerability Analysis Results

[Access Vector] ^[?]

Undefined^[?]

Local^[?]

Adjacent Network^[?]

Network^[?]

[Access Complexit] ^[?]

Undefined^[?]

High^[?]

Medium^[?]

Low^[?]

[Authentication] ^[?]

Undefined^[?]

Multiple^[?]

Single^[?]

None^[?]

[Confidentiality Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Integrity Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Availability Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

Alternatives

References

BUGTRAQ 20101213 [CORE-2010-0728] Symantec Intel Handler Service Remote Denial-of-Service

MISC http://www.coresecurity.com/content/symantec-intel-handler-service-remote-dos

SECUNIA 42593

VUPEN ADV-2010-3206

Vulnerability Type Input Validation (CWE-20)

XF symantec-antivirus-handler-service-dos(64028)