CVE-2010-0111: Input Validation
First published: Mon Jan 31 2011(Updated: )
HDNLRSVC.EXE in the Intel Alert Handler service (aka Symantec Intel Handler service) in Intel Alert Management System (aka AMS or AMS2), as used in Symantec AntiVirus Corporate Edition (SAVCE) 10.x before 10.1 MR10, Symantec System Center (SSC) 10.x, and Symantec Quarantine Server 3.5 and 3.6, allows remote attackers to execute arbitrary programs by sending msgsys.exe a UNC share pathname, which is used directly in a CreateProcessA (aka CreateProcess) call.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Symantec Antivirus | =10.0 | |
| Symantec Antivirus | =10.0-mr1 | |
| Symantec Antivirus | =10.0-mr2 | |
| Symantec Antivirus | =10.0.1 | |
| Symantec Antivirus | =10.0.1.1 | |
| Symantec Antivirus | =10.0.1.2 | |
| Symantec Antivirus | =10.0.2 | |
| Symantec Antivirus | =10.0.2.1 | |
| Symantec Antivirus | =10.0.2.2 | |
| Symantec Antivirus | =10.0.3 | |
| Symantec Antivirus | =10.0.4 | |
| Symantec Antivirus | =10.0.5 | |
| Symantec Antivirus | =10.0.6 | |
| Symantec Antivirus | =10.0.7 | |
| Symantec Antivirus | =10.0.8 | |
| Symantec Antivirus | =10.0.9 | |
| Symantec Antivirus | =10.1 | |
| Symantec Antivirus | =10.1-mp1 | |
| Symantec Antivirus | =10.1-mr4 | |
| Symantec Antivirus | =10.1-mr5 | |
| Symantec Antivirus | =10.1-mr6 | |
| Symantec Antivirus | =10.1-mr7 | |
| Symantec Antivirus | =10.1.0.1 | |
| Symantec Antivirus | =10.1.4 | |
| Symantec Antivirus | =10.1.4.1 | |
| Symantec Antivirus | =10.1.5 | |
| Symantec Antivirus | =10.1.5.1 | |
| Symantec Antivirus | =10.1.6 | |
| Symantec Antivirus | =10.1.6.1 | |
| Symantec Antivirus | =10.1.7 | |
| Symantec Antivirus | =10.1.8 | |
| Symantec Antivirus | =10.1.9 | |
| Symantec Antivirus | =10.2 | |
| Symantec Antivirus | =10.2-mr2 | |
| Symantec Antivirus | =10.2-mr3 | |
| Symantec System Center | =10.0 | |
| Symantec System Center | =10.1 | |
| Symantec AntiVirus Central Quarantine Server | =3.5 | |
| Symantec AntiVirus Central Quarantine Server | =3.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://securitytracker.com/id?1024997
- http://www.securityfocus.com/bid/45935
- http://www.vupen.com/english/advisories/2011/0234
- http://www.zerodayinitiative.com/advisories/ZDI-11-029
- http://secunia.com/advisories/43099
- http://secunia.com/advisories/43106
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110126_01
- https://exchange.xforce.ibmcloud.com/vulnerabilities/64943
- https://exchange.xforce.ibmcloud.com/vulnerabilities/64942
Frequently Asked Questions
What is the severity of CVE-2010-0111?
CVE-2010-0111 has a medium severity rating, indicating potential risk of exploitation.
How do I fix CVE-2010-0111?
To fix CVE-2010-0111, upgrade Symantec AntiVirus Corporate Edition to version 10.1 MR10 or newer.
What systems are affected by CVE-2010-0111?
CVE-2010-0111 affects various versions of Symantec AntiVirus Corporate Edition 10.x prior to 10.1 MR10, along with related products.
What type of vulnerability is CVE-2010-0111?
CVE-2010-0111 is a local privilege escalation vulnerability found in the Intel Alert Handler service.
Is there a known exploit for CVE-2010-0111?
Yes, there are known exploits for CVE-2010-0111 that can leverage the vulnerability to gain elevated privileges on affected systems.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/symantec
- canonical/symantec antivirus
- version/symantec antivirus/10.0
- version/symantec antivirus/10.0-mr1
- version/symantec antivirus/10.0-mr2
- version/symantec antivirus/10.0.1
- version/symantec antivirus/10.0.1.1
- version/symantec antivirus/10.0.1.2
- version/symantec antivirus/10.0.2
- version/symantec antivirus/10.0.2.1
- version/symantec antivirus/10.0.2.2
- version/symantec antivirus/10.0.3
- version/symantec antivirus/10.0.4
- version/symantec antivirus/10.0.5
- version/symantec antivirus/10.0.6
- version/symantec antivirus/10.0.7
- version/symantec antivirus/10.0.8
- version/symantec antivirus/10.0.9
- version/symantec antivirus/10.1
- version/symantec antivirus/10.1-mp1
- version/symantec antivirus/10.1-mr4
- version/symantec antivirus/10.1-mr5
- version/symantec antivirus/10.1-mr6
- version/symantec antivirus/10.1-mr7
- version/symantec antivirus/10.1.0.1
- version/symantec antivirus/10.1.4
- version/symantec antivirus/10.1.4.1
- version/symantec antivirus/10.1.5
- version/symantec antivirus/10.1.5.1
- version/symantec antivirus/10.1.6
- version/symantec antivirus/10.1.6.1
- version/symantec antivirus/10.1.7
- version/symantec antivirus/10.1.8
- version/symantec antivirus/10.1.9
- version/symantec antivirus/10.2
- version/symantec antivirus/10.2-mr2
- version/symantec antivirus/10.2-mr3
- canonical/symantec system center
- version/symantec system center/10.0
- version/symantec system center/10.1
- canonical/symantec antivirus central quarantine server
- version/symantec antivirus central quarantine server/3.5
- version/symantec antivirus central quarantine server/3.6