CVE-2010-3268: Input Validation
First published: Wed Dec 22 2010(Updated: )
The GetStringAMSHandler function in prgxhndl.dll in hndlrsvc.exe in the Intel Alert Handler service (aka Symantec Intel Handler service) in Intel Alert Management System (AMS), as used in Symantec Antivirus Corporate Edition 10.1.4.4010 on Windows 2000 SP4 and Symantec Endpoint Protection before 11.x, does not properly validate the CommandLine field of an AMS request, which allows remote attackers to cause a denial of service (application crash) via a crafted request.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Symantec Endpoint Protection | =11.0.4-mp1a | |
| Symantec Endpoint Protection | =11.0.2 | |
| Symantec Endpoint Protection | =11.0-ru6a | |
| Symantec Endpoint Protection | =11.0.4 | |
| Symantec Endpoint Protection | =11.0-ru6mp2 | |
| Symantec Endpoint Protection | =11.0.4-mp2 | |
| Symantec Endpoint Protection | =11.0.1-mp1 | |
| Symantec Endpoint Protection | =11.0 | |
| Symantec Endpoint Protection | =11.0.2-mp2 | |
| Symantec Endpoint Protection | =11.0-ru5 | |
| Symantec Endpoint Protection | =11.0-ru6 | |
| Symantec Endpoint Protection | =11.0.3001 | |
| Symantec Endpoint Protection | =11.0-ru6mp1 | |
| Symantec Endpoint Protection | =11.0.1-mp2 | |
| Symantec Endpoint Protection | =11.0.2-mp1 | |
| Symantec Endpoint Protection | =11.0-rtm | |
| Symantec Endpoint Protection | =11.0.1 | |
| Intel Alert Management System | ||
| Symantec Antivirus | =10.1.4.4010 | |
| Microsoft Windows 2000 | =sp4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://secunia.com/advisories/42593
- http://secunia.com/advisories/43099
- http://www.coresecurity.com/content/symantec-intel-handler-service-remote-dos
- http://www.securityfocus.com/archive/1/515191/100/0/threaded
- http://www.securityfocus.com/bid/45936
- http://www.securitytracker.com/id?1024866
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110126_00
- http://www.vupen.com/english/advisories/2010/3206
- http://www.vupen.com/english/advisories/2011/0234
- https://exchange.xforce.ibmcloud.com/vulnerabilities/64028
Frequently Asked Questions
What is the severity of CVE-2010-3268?
CVE-2010-3268 has a high severity rating as it can lead to a remote denial of service.
How do I fix CVE-2010-3268?
To fix CVE-2010-3268, you should update to the latest version of Symantec Endpoint Protection or Symantec Antivirus that addresses this vulnerability.
What systems are affected by CVE-2010-3268?
CVE-2010-3268 affects specific versions of Symantec Endpoint Protection and Symantec Antivirus running on Windows 2000 SP4.
Is CVE-2010-3268 a critical vulnerability?
Yes, CVE-2010-3268 is considered critical due to its potential to cause significant disruption to service.
Who is responsible for addressing CVE-2010-3268?
The responsibility for addressing CVE-2010-3268 lies with the users of the affected Symantec software to apply the necessary updates.
- collector/nvd-historical
- agent/type
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/symantec
- canonical/symantec endpoint protection
- version/symantec endpoint protection/11.0.4-mp1a
- version/symantec endpoint protection/11.0.2
- version/symantec endpoint protection/11.0-ru6a
- version/symantec endpoint protection/11.0.4
- version/symantec endpoint protection/11.0-ru6mp2
- version/symantec endpoint protection/11.0.4-mp2
- version/symantec endpoint protection/11.0.1-mp1
- version/symantec endpoint protection/11.0
- version/symantec endpoint protection/11.0.2-mp2
- version/symantec endpoint protection/11.0-ru5
- version/symantec endpoint protection/11.0-ru6
- version/symantec endpoint protection/11.0.3001
- version/symantec endpoint protection/11.0-ru6mp1
- version/symantec endpoint protection/11.0.1-mp2
- version/symantec endpoint protection/11.0.2-mp1
- version/symantec endpoint protection/11.0-rtm
- version/symantec endpoint protection/11.0.1
- vendor/intel
- canonical/intel alert management system
- canonical/symantec antivirus
- version/symantec antivirus/10.1.4.4010
- vendor/microsoft
- canonical/microsoft windows 2000
- version/microsoft windows 2000/sp4