CVE-2010-3268: Input Validation
First published: Wed Dec 22 2010(Updated: )
The GetStringAMSHandler function in prgxhndl.dll in hndlrsvc.exe in the Intel Alert Handler service (aka Symantec Intel Handler service) in Intel Alert Management System (AMS), as used in Symantec Antivirus Corporate Edition 10.1.4.4010 on Windows 2000 SP4 and Symantec Endpoint Protection before 11.x, does not properly validate the CommandLine field of an AMS request, which allows remote attackers to cause a denial of service (application crash) via a crafted request.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Symantec Endpoint Protection | =11.0.4-mp1a | |
| Symantec Endpoint Protection | =11.0.2 | |
| Symantec Endpoint Protection | =11.0-ru6a | |
| Symantec Endpoint Protection | =11.0.4 | |
| Symantec Endpoint Protection | =11.0-ru6mp2 | |
| Symantec Endpoint Protection | =11.0.4-mp2 | |
| Symantec Endpoint Protection | =11.0.1-mp1 | |
| Symantec Endpoint Protection | =11.0 | |
| Symantec Endpoint Protection | =11.0.2-mp2 | |
| Symantec Endpoint Protection | =11.0-ru5 | |
| Symantec Endpoint Protection | =11.0-ru6 | |
| Symantec Endpoint Protection | =11.0.3001 | |
| Symantec Endpoint Protection | =11.0-ru6mp1 | |
| Symantec Endpoint Protection | =11.0.1-mp2 | |
| Symantec Endpoint Protection | =11.0.2-mp1 | |
| Symantec Endpoint Protection | =11.0-rtm | |
| Symantec Endpoint Protection | =11.0.1 | |
| Intel Intel Alert Management System | ||
| Symantec AntiVirus | =10.1.4.4010 | |
| Microsoft Windows 2000 | =sp4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://secunia.com/advisories/42593
- http://secunia.com/advisories/43099
- http://www.coresecurity.com/content/symantec-intel-handler-service-remote-dos
- http://www.securityfocus.com/archive/1/515191/100/0/threaded
- http://www.securityfocus.com/bid/45936
- http://www.securitytracker.com/id?1024866
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110126_00
- http://www.vupen.com/english/advisories/2010/3206
- http://www.vupen.com/english/advisories/2011/0234
- https://exchange.xforce.ibmcloud.com/vulnerabilities/64028
- collector/nvd-index
- collector/nvd-historical
- agent/severity
- agent/weakness
- agent/author
- agent/type
- agent/event
- agent/references
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/intel
- canonical/intel intel alert management system
- vendor/symantec
- canonical/symantec antivirus
- version/symantec antivirus/10.1.4.4010
- vendor/microsoft
- canonical/microsoft windows 2000
- version/microsoft windows 2000/sp4
- canonical/symantec endpoint protection
- version/symantec endpoint protection/11.0
- version/symantec endpoint protection/11.0-rtm
- version/symantec endpoint protection/11.0-ru5
- version/symantec endpoint protection/11.0-ru6
- version/symantec endpoint protection/11.0-ru6a
- version/symantec endpoint protection/11.0-ru6mp1
- version/symantec endpoint protection/11.0-ru6mp2
- version/symantec endpoint protection/11.0.1
- version/symantec endpoint protection/11.0.1-mp1
- version/symantec endpoint protection/11.0.1-mp2
- version/symantec endpoint protection/11.0.2
- version/symantec endpoint protection/11.0.2-mp1
- version/symantec endpoint protection/11.0.2-mp2
- version/symantec endpoint protection/11.0.4
- version/symantec endpoint protection/11.0.4-mp1a
- version/symantec endpoint protection/11.0.4-mp2
- version/symantec endpoint protection/11.0.3001