CVSS: 4.3EPSS: 1%CPEs: 26EXPL: 0CVE-2009-1428
https://notcve.org/view.php?id=CVE-2009-1428
Multiple cross-site scripting (XSS) vulnerabilities in ccLgView.exe in the Symantec Log Viewer, as used in Symantec AntiVirus (SAV) before 10.1 MR8, Symantec Endpoint Protection (SEP) 11.0 before 11.0 MR1, Norton 360 1.0, and Norton Internet Security 2005 through 2008, allow remote attackers to inject arbitrary web script or HTML via a crafted e-mail message, related to "two parsing errors." Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en ccLgView.exe en Symantec Log Viewer, utilizado en Symantec AntiVirus (SAV), anterior a v10.1 MR8, Symantec Endpoint Protection (SEP) v11.0 anteriores a v11.0 MR1, Norton 360 v1.0, y Norton Internet Security 2005 hasta 2008, permite a atacantes remotos inyectar HTML o scripts web arbitrarios a su elección a través de un mensaje de correo electrónico elaborado ,relacionadas con "dos errores de análisis sintáctico." • http://osvdb.org/54132 http://secunia.com/advisories/34936 http://www.securityfocus.com/bid/34669 http://www.securitytracker.com/id?1022133 http://www.securitytracker.com/id?1022134 http://www.securitytracker.com/id?1022135 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_01 http://www.vupen.com/english/advisories/2009/1203 https://exchange.xforce.ibmcloud.com/vulnerabilities/50170 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 95%CPEs: 8EXPL: 0CVE-2009-1431
https://notcve.org/view.php?id=CVE-2009-1431
XFR.EXE in the Intel File Transfer service in the console in Symantec Alert Management System 2 (AMS2), as used in Symantec System Center (SSS); Symantec AntiVirus Server; Symantec AntiVirus Central Quarantine Server; Symantec AntiVirus (SAV) Corporate Edition 9 before 9.0 MR7, 10.0 and 10.1 before 10.1 MR8, and 10.2 before 10.2 MR2; Symantec Client Security (SCS) 2 before 2.0 MR7 and 3 before 3.1 MR8; and Symantec Endpoint Protection (SEP) before 11.0 MR3, allows remote attackers to execute arbitrary code by placing the code on a (1) share or (2) WebDAV server, and then sending the UNC share pathname to this service. XFR.EXE en el servicio Intel File Transfer en la consola en Symantec Alert Management System 2 (AMS2), tal como se utiliza en Symantec System Center (SSS); Symantec AntiVirus Server; Symantec AntiVirus Central Quarantine Server; Symantec AntiVirus (SAV) Corporate Edition 9 anteriores a 9.0 MR7, 10.0 y 10.1 anteriores a 10.1 MR8, y 10.2 anteriores a 10.2 MR2; Symantec Client Security (SCS) 2 anteriores a 2.0 MR7 y 3 anteriores a 3.1 MR8; y Symantec Endpoint Protection (SEP) anteriores a 11.0 MR3, permite a atacantes remotos la ejecución de código arbitrario colocando el código en un (1) compartido o (2) servidor WebDAV y luego enviando la ruta al compartido UNC de este servicio. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=786 http://secunia.com/advisories/34856 http://www.securityfocus.com/bid/34675 http://www.securitytracker.com/id?1022130 http://www.securitytracker.com/id?1022131 http://www.securitytracker.com/id?1022132 http://www.symantec.com/security_response/securityupdates/detail.jsp? •
CVSS: 10.0EPSS: 97%CPEs: 37EXPL: 3CVE-2009-1429 – Symantec Multiple Product Intel Alert Originator Service Command Execution Vulnerabilty
https://notcve.org/view.php?id=CVE-2009-1429
The Intel LANDesk Common Base Agent (CBA) in Symantec Alert Management System 2 (AMS2), as used in Symantec System Center (SSS); Symantec AntiVirus Server; Symantec AntiVirus Central Quarantine Server; Symantec AntiVirus (SAV) Corporate Edition 9 before 9.0 MR7, 10.0 and 10.1 before 10.1 MR8, and 10.2 before 10.2 MR2; Symantec Client Security (SCS) 2 before 2.0 MR7 and 3 before 3.1 MR8; and Symantec Endpoint Protection (SEP) before 11.0 MR3, allows remote attackers to execute arbitrary commands via a crafted packet whose contents are interpreted as a command to be launched in a new process by the CreateProcessA function. El LANDesk Common Base Agent (CBA) de Intel en Alert Management System 2 (AMS2) de Symantec, tal y como es usado en System Center (SSS) de Symantec; AntiVirus Server de Symantec; AntiVirus Central Quarantine Server de Symantec; Symantec AntiVirus (SAV) Corporate Edition versiones 9 anteriores a 9.0 MR7, versiones 10.0 y 10.1 anteriores a 10.1 MR8, y versiones 10.2 anteriores a 10.2 MR2; Symantec Client Security (SCS) versiones 2 anteriores a 2.0 MR7 y versiones 3 anteriores a 3.1 MR8; y Symantec Endpoint Protection (SEP) anterior a versión 11.0 MR3, permite a atacantes remotos ejecutar comandos arbitrarios por medio de un paquete diseñado cuyo contenido se interpreta como un comando para ser iniciado en un nuevo proceso mediante la función CreateProcessA. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Symantec AntiVirus Corporate Edition, Symantec Client Security and Symantec Endpoint Protection. Authentication is not required to exploit this vulnerability. The specific flaw exists in the Intel LANDesk Common Base Agent bundled with the affected products. When a specially crafted packet is sent to TCP port 12174, the contents of the packet are passed directly to a call to CreateProcessA() as the lpCommandLine argument. • https://www.exploit-db.com/exploits/10340 https://www.exploit-db.com/exploits/17699 http://osvdb.org/54157 http://secunia.com/advisories/34856 http://securityreason.com/securityalert/8346 http://www.securityfocus.com/bid/34671 http://www.securitytracker.com/id?1022130 http://www.securitytracker.com/id?1022131 http://www.securitytracker.com/id?1022132 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_02 h • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 97%CPEs: 37EXPL: 1CVE-2009-1430 – Symantec Multiple Product Intel Alert Originator Service Invalid Length Check Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2009-1430
Multiple stack-based buffer overflows in IAO.EXE in the Intel Alert Originator Service in Symantec Alert Management System 2 (AMS2), as used in Symantec System Center (SSS); Symantec AntiVirus Server; Symantec AntiVirus Central Quarantine Server; Symantec AntiVirus (SAV) Corporate Edition 9 before 9.0 MR7, 10.0 and 10.1 before 10.1 MR8, and 10.2 before 10.2 MR2; Symantec Client Security (SCS) 2 before 2.0 MR7 and 3 before 3.1 MR8; and Symantec Endpoint Protection (SEP) before 11.0 MR3, allow remote attackers to execute arbitrary code via (1) a crafted packet or (2) data that ostensibly arrives from the MsgSys.exe process. Desbordamiento múltiple de búfer basado en pila en IAO.EXE en el Intel Alert Originator Service en Symantec Alert Management System 2 (AMS2), tal como se utiliza en Symantec System Center (SSS); Symantec AntiVirus Server; Symantec AntiVirus Central Quarantine Server; Symantec AntiVirus (SAV) Corporate Edition 9 anterior a v9.0 MR7, v10.0 y v10.1 anterior a v10.1 MR8, y v10.2 anterior a v10.2 MR2; Symantec Client Security (SCS) v2 anterior a v2.0 MR7 y v3 anterior a v3.1 MR8; y Symantec Endpoint Protection (SEP) anterior a v11.0 MR3, permite a atacantes remotos ejecutar código arbitrario a través de (1) un paquete elaborado o (2) los datos que aparentemente se reciban a del proceso MsgSys.exe. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Symantec AntiVirus Corporate Edition, Symantec Client Security and Symantec Endpoint Protection. Authentication is not required to exploit this vulnerability. The specific flaws are exposed via the MsgSys.exe process that listens by default on TCP port 38929. This process forwards requests to the Intel Originator Service (ioa.exe) process. • https://www.exploit-db.com/exploits/16826 http://secunia.com/advisories/34856 http://www.securityfocus.com/archive/1/503080/100/0/threaded http://www.securityfocus.com/bid/34672 http://www.securityfocus.com/bid/34674 http://www.securitytracker.com/id?1022130 http://www.securitytracker.com/id?1022131 http://www.securitytracker.com/id?1022132 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_02 http:/&#x • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 0CVE-2008-5522
https://notcve.org/view.php?id=CVE-2008-5522
AVG Anti-Virus 8.0.0.161, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. AVG Anti-Virus v8.0.0.161, cuando se utiliza Internet Explorer 6 o 7, permite a atacantes remotos eludir la detección de malware en un documento HTML colocando una cabecera MZ (alias "EXE info") al principio, y modificar el nombre del archivo a (1 ) sin extensión, (2) una extensión. txt, o (3) una extensión .jpg, como lo demuestra un documento que contiene un exploit CVE-2006-5745. • http://securityreason.com/securityalert/4723 http://www.securityfocus.com/archive/1/498995/100/0/threaded http://www.securityfocus.com/archive/1/499043/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/47435 • CWE-20: Improper Input Validation •