Remote Code Execution Flaw in Symantec IM Manager Administrative Interface
CVE-2010-3719

Currently unrated

Key Information:

Vendor: Symantec
Status: Im Manager
Vendor: CVE Published:; 2 February 2011

Summary

The administrative interface for Symantec IM Manager contains an eval injection vulnerability in the IMAdminSchedTask.asp file. This flaw allows remote attackers to exploit unspecified parameters in the ScheduleTask method, leading to the execution of arbitrary code. Proper security measures and updates are essential to mitigate such risks to system integrity and user confidentiality.

References

http://www.zerodayinitiative.com/advisories/ZDI-11-037

x_refsource_MISC

http://www.securityfocus.com/archive/1/516103/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/bid/45946

vdb-entryx_refsource_BID

EPSS Score

7% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Feb 2, 2011
Vulnerability Reserved
Oct 1, 2010