Remote Command Execution Vulnerability in Symantec Products
CVE-2009-1429

Currently unrated

Key Information:

Vendor: Symantec
Status: Client Security; Antivirus; Antivirus Central Quarantine Server; Endpoint Protection
Vendor: CVE Published:; 29 April 2009

Summary

The Intel LANDesk Common Base Agent within various Symantec products allows remote attackers to execute arbitrary commands through specially crafted packets. These packets are processed by the vulnerable CreateProcessA function, leading to potential unauthorized actions on affected systems. This vulnerability emphasizes the need for prompt updates and careful monitoring of systems utilizing Symantec software.

References

http://www.vupen.com/english/advisories/2009/1204

vdb-entryx_refsource_VUPEN

http://www.securitytracker.com/id?1022132

vdb-entryx_refsource_SECTRACK

http://www.securitytracker.com/id?1022130

vdb-entryx_refsource_SECTRACK

EPSS Score

89% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 29, 2009
Vulnerability Reserved
Apr 24, 2009