Page 22 of 121 results (0.009 seconds)

CVSS: 10.0EPSS: 37%CPEs: 39EXPL: 0

HDNLRSVC.EXE in the Intel Alert Handler service (aka Symantec Intel Handler service) in Intel Alert Management System (aka AMS or AMS2), as used in Symantec AntiVirus Corporate Edition (SAVCE) 10.x before 10.1 MR10, Symantec System Center (SSC) 10.x, and Symantec Quarantine Server 3.5 and 3.6, allows remote attackers to execute arbitrary programs by sending msgsys.exe a UNC share pathname, which is used directly in a CreateProcessA (aka CreateProcess) call. HDNLRSVC.EXE en el servicio Intel Alert Handler (también conocido como servicio Symantec Intel Handler) en Intel Alert Management System (también conocido como AMS o AMS2) como el utilizado en Symantec AntiVirus Corporate Edition (SAVCE) v10.x anterior a v10.1 MR10, Symantec System Center (SSC) v10.x, y Symantec Quarantine Server v3.5 y v3.6, permite a atacantes remotos ejecutar programas de su eleeción enviando msgsys.exe a una ruta de acceso compartido UNC que es usada directamente en la llamada CreateProcessA (también conocido como CreateProcess). This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of multiple Symantec products. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Intel Alert Originator (iao.exe) service. While processing messages sent from the msgsys.exe process a size check can be bypassed and a subsequent stack-based buffer overflow can be triggered. • http://secunia.com/advisories/43099 http://secunia.com/advisories/43106 http://securitytracker.com/id?1024997 http://www.securityfocus.com/bid/45935 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110126_01 http://www.vupen.com/english/advisories/2011/0234 http://www.zerodayinitiative.com/advisories/ZDI-11-029 https://exchange.xforce.ibmcloud.com/vulnerabilities/64942 https://exchange.xforce.ibmcloud.com/vulnerabilities/649 • CWE-20: Improper Input Validation •

CVSS: 5.0EPSS: 83%CPEs: 20EXPL: 1

The GetStringAMSHandler function in prgxhndl.dll in hndlrsvc.exe in the Intel Alert Handler service (aka Symantec Intel Handler service) in Intel Alert Management System (AMS), as used in Symantec Antivirus Corporate Edition 10.1.4.4010 on Windows 2000 SP4 and Symantec Endpoint Protection before 11.x, does not properly validate the CommandLine field of an AMS request, which allows remote attackers to cause a denial of service (application crash) via a crafted request. La función GetStringAMSHandler en prgxhndl.dll en hndlrsvc.exe en Intel Alert Handler service (conocido como Symantec Intel Handler service) en Intel Alert Management System (AMS), como el usado en Symantec Antivirus Corporate Edition v10.1.4.4010 en Windows 2000 SP4 y Symantec Endpoint Protection anterior v11.x, no valida adecuadamente el campo CommandLine de una petición AMS, lo que permite a atacantes remotos causar una denegación de servicio (caída aplicación) a través de peticiones manipuladas. • http://secunia.com/advisories/42593 http://secunia.com/advisories/43099 http://www.coresecurity.com/content/symantec-intel-handler-service-remote-dos http://www.securityfocus.com/archive/1/515191/100/0/threaded http://www.securityfocus.com/bid/45936 http://www.securitytracker.com/id?1024866 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110126_00 http://www.vupen.com/english/advisories/2010/3206 http://www.vu • CWE-20: Improper Input Validation •

CVSS: 1.9EPSS: 0%CPEs: 54EXPL: 0

The on-demand scanning in Symantec AntiVirus 10.0.x and 10.1.x before MR9, AntiVirus 10.2.x, and Client Security 3.0.x and 3.1.x before MR9, when Tamper protection is disabled, allows remote attackers to cause a denial of service (prevention of on-demand scanning) via "specific events" that prevent the user from having read access to unspecified resources. El escaneo bajo demanda en Symantec AntiVirus v10.0.x y v10.1.x anterior a MR9, AntiVirus v10.2.x, Client Security v3.0.x y v3.1.x anterior a MR9 y Endpoint Protection v11.x, cuando la protección de manipulación está desactivado, permite a atacantes remotos provocar una denegación de servicio (prevención de escaneo bajo demanda) a través de "eventos concretos" que impiden que el usuario tenga acceso de lectura a recursos no especificados. • http://osvdb.org/62414 http://secunia.com/advisories/38653 http://www.securityfocus.com/bid/38219 http://www.securitytracker.com/id?1023621 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100217_00 http://www.vupen.com/english/advisories/2010/0410 https://exchange.xforce.ibmcloud.com/vulnerabilities/56354 •

CVSS: 10.0EPSS: 46%CPEs: 54EXPL: 1

Buffer overflow in the cliproxy.objects.1 ActiveX control in the Symantec Client Proxy (CLIproxy.dll) in Symantec AntiVirus 10.0.x, 10.1.x before MR9, and 10.2.x before MR4; and Symantec Client Security 3.0.x and 3.1.x before MR9 allows remote attackers to execute arbitrary code via a long argument to the SetRemoteComputerName function. Desbordamiento de búfer en un control ActiveX en el proxy de cliente de Symantec (CLIproxy.dll) en Symantec AntiVirus v10.0.x, v10.1.x anterior a MR9 y v10.2.x anterior a MR4 y Symantec Client Security v3.0.x y v3.1.x anterior a MR9 podría permitir a atacantes remotos ejecutar código arbitrario a través de vectores desconocidos relacionados con un proxy. • https://www.exploit-db.com/exploits/33642 http://dsecrg.com/pages/vul/show.php?id=139 http://secunia.com/advisories/38651 http://www.securityfocus.com/archive/1/509681/100/0/threaded http://www.securityfocus.com/bid/38222 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100217_02 http://www.vupen.com/english/advisories/2010/0412 https://exchange.xforce.ibmcloud.com/vulnerabilities/56355 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

TrustPort Antivirus before 2.8.0.2266 and PC Security before 2.0.0.1291 use weak permissions (Everyone: Full Control) for files under %PROGRAMFILES%, which allows local users to gain privileges by replacing executables with Trojan horse programs. TrustPort Antivirus anterior v2.8.0.2266 y PC Security anterior v2.0.0.1291 usa permisos débiles (Todos: control total) para archivos bajo %PROGRAMFILES%, que permite a usuarios locales obtener privilegios reemplazando ejecutables con programas troyanos. • http://secunia.com/advisories/36880 http://www.securityfocus.com/archive/1/506751/100/0/threaded http://www.trustport.com/en/notices/security-update-of-trustport-products • CWE-732: Incorrect Permission Assignment for Critical Resource •