Stack-based Buffer Overflow in Symantec Alert Management System
CVE-2009-1430

Currently unrated

Key Information:

Vendor: Symantec
Status: Client Security; Antivirus; Antivirus Central Quarantine Server; Endpoint Protection
Vendor: CVE Published:; 29 April 2009

Summary

Multiple stack-based buffer overflows exist within the IAO.EXE component of the Intel Alert Originator Service found in the Symantec Alert Management System. This vulnerability affects several products, enabling remote attackers to potentially execute arbitrary code by sending specially crafted packets or manipulating data that appears to originate from the MsgSys.exe process, thereby compromising system integrity.

References

http://www.vupen.com/english/advisories/2009/1204

vdb-entryx_refsource_VUPEN

http://www.securitytracker.com/id?1022132

vdb-entryx_refsource_SECTRACK

http://www.securityfocus.com/archive/1/503080/100/0/threaded

mailing-listx_refsource_BUGTRAQ

EPSS Score

60% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 29, 2009
Vulnerability Reserved
Apr 24, 2009