Stack-Based Buffer Overflow in Intel Alert Management System Affecting Symantec Products
CVE-2010-0110

Currently unrated

Key Information:

Vendor: Symantec
Status: Antivirus
Vendor: CVE Published:; 31 January 2011

Summary

The Intel Alert Management System, utilized within several Symantec products, has multiple stack-based buffer overflow vulnerabilities. Attackers can exploit these weaknesses remotely by sending specially crafted input to the msgsys.exe service. These inputs may include overly long strings, modem strings, or PIN numbers. Such vectors could allow unauthorized remote code execution, posing a significant risk to systems running affected versions of Symantec AntiVirus Corporate Edition, Symantec System Center, and Symantec Quarantine Server. It is imperative that users apply the necessary patches and updates to mitigate these vulnerabilities effectively.

References

http://www.zerodayinitiative.com/advisories/ZDI-11-031

x_refsource_MISC

http://www.zerodayinitiative.com/advisories/ZDI-11-028

x_refsource_MISC

http://secunia.com/advisories/43099

third-party-advisoryx_refsource_SECUNIA

EPSS Score

32% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jan 31, 2011
Vulnerability Reserved
Dec 31, 2009