CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2019-11644
https://notcve.org/view.php?id=CVE-2019-11644
In the F-Secure installer in F-Secure SAFE for Windows before 17.6, F-Secure Internet Security before 17.6, F-Secure Anti-Virus before 17.6, F-Secure Client Security Standard and Premium before 14.10, F-Secure PSB Workstation Security before 12.01, and F-Secure Computer Protection Standard and Premium before 19.3, a local user can escalate their privileges through a DLL hijacking attack against the installer. The installer writes the file rm.exe to C:\Windows\Temp and then executes it. The rm.exe process then attempts to load several DLLs from its current directory. Non-admin users are able to write to this folder, so an attacker can create a malicious C:\Windows\Temp\OLEACC.dll file. When an admin runs the installer, rm.exe will execute the attacker's DLL in an elevated security context. • https://www.f-secure.com/en/web/labs_global/fsc-2019-2 • CWE-427: Uncontrolled Search Path Element •
CVSS: 6.8EPSS: 1%CPEs: 19EXPL: 0CVE-2009-1782
https://notcve.org/view.php?id=CVE-2009-1782
Multiple F-Secure anti-virus products, including Anti-Virus for Microsoft Exchange 7.10 and earlier; Internet Gatekeeper for Windows 6.61 and earlier, Windows 6.61 and earlier, and Linux 2.16 and earlier; Internet Security 2009 and earlier, Anti-Virus 2009 and earlier, Client Security 8.0 and earlier, and others; allow remote attackers to bypass malware detection via a crafted (1) ZIP and (2) RAR archive. Múltiples productos antivirus F-Secure, incluidos: Anti-Virus for Microsoft Exchange v7.10 y anteriores; Internet Gatekeeper for Windows v6.61 y anteriores, Windows v6.61 y anteriores, y Linux v2.16 y anteriores; Internet Security 2009 y anteriores, Anti-Virus 2009 y anteriores, Client Security v8.0 y anteriores y otros; permiten a atacantes remotos saltar la detección de software malicioso mediante archivos (1) .ZIP y (2) .RAR manipulados. • http://secunia.com/advisories/35008 http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2009-1.html http://www.securityfocus.com/bid/34849 http://www.securitytracker.com/id?1022170 http://www.securitytracker.com/id?1022171 http://www.securitytracker.com/id?1022172 http://www.vupen.com/english/advisories/2009/1262 https://exchange.xforce.ibmcloud.com/vulnerabilities/50346 •
CVSS: 9.3EPSS: 95%CPEs: 8EXPL: 0CVE-2009-1431
https://notcve.org/view.php?id=CVE-2009-1431
XFR.EXE in the Intel File Transfer service in the console in Symantec Alert Management System 2 (AMS2), as used in Symantec System Center (SSS); Symantec AntiVirus Server; Symantec AntiVirus Central Quarantine Server; Symantec AntiVirus (SAV) Corporate Edition 9 before 9.0 MR7, 10.0 and 10.1 before 10.1 MR8, and 10.2 before 10.2 MR2; Symantec Client Security (SCS) 2 before 2.0 MR7 and 3 before 3.1 MR8; and Symantec Endpoint Protection (SEP) before 11.0 MR3, allows remote attackers to execute arbitrary code by placing the code on a (1) share or (2) WebDAV server, and then sending the UNC share pathname to this service. XFR.EXE en el servicio Intel File Transfer en la consola en Symantec Alert Management System 2 (AMS2), tal como se utiliza en Symantec System Center (SSS); Symantec AntiVirus Server; Symantec AntiVirus Central Quarantine Server; Symantec AntiVirus (SAV) Corporate Edition 9 anteriores a 9.0 MR7, 10.0 y 10.1 anteriores a 10.1 MR8, y 10.2 anteriores a 10.2 MR2; Symantec Client Security (SCS) 2 anteriores a 2.0 MR7 y 3 anteriores a 3.1 MR8; y Symantec Endpoint Protection (SEP) anteriores a 11.0 MR3, permite a atacantes remotos la ejecución de código arbitrario colocando el código en un (1) compartido o (2) servidor WebDAV y luego enviando la ruta al compartido UNC de este servicio. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=786 http://secunia.com/advisories/34856 http://www.securityfocus.com/bid/34675 http://www.securitytracker.com/id?1022130 http://www.securitytracker.com/id?1022131 http://www.securitytracker.com/id?1022132 http://www.symantec.com/security_response/securityupdates/detail.jsp? •
CVSS: 10.0EPSS: 97%CPEs: 37EXPL: 3CVE-2009-1429 – Symantec Multiple Product Intel Alert Originator Service Command Execution Vulnerabilty
https://notcve.org/view.php?id=CVE-2009-1429
The Intel LANDesk Common Base Agent (CBA) in Symantec Alert Management System 2 (AMS2), as used in Symantec System Center (SSS); Symantec AntiVirus Server; Symantec AntiVirus Central Quarantine Server; Symantec AntiVirus (SAV) Corporate Edition 9 before 9.0 MR7, 10.0 and 10.1 before 10.1 MR8, and 10.2 before 10.2 MR2; Symantec Client Security (SCS) 2 before 2.0 MR7 and 3 before 3.1 MR8; and Symantec Endpoint Protection (SEP) before 11.0 MR3, allows remote attackers to execute arbitrary commands via a crafted packet whose contents are interpreted as a command to be launched in a new process by the CreateProcessA function. El LANDesk Common Base Agent (CBA) de Intel en Alert Management System 2 (AMS2) de Symantec, tal y como es usado en System Center (SSS) de Symantec; AntiVirus Server de Symantec; AntiVirus Central Quarantine Server de Symantec; Symantec AntiVirus (SAV) Corporate Edition versiones 9 anteriores a 9.0 MR7, versiones 10.0 y 10.1 anteriores a 10.1 MR8, y versiones 10.2 anteriores a 10.2 MR2; Symantec Client Security (SCS) versiones 2 anteriores a 2.0 MR7 y versiones 3 anteriores a 3.1 MR8; y Symantec Endpoint Protection (SEP) anterior a versión 11.0 MR3, permite a atacantes remotos ejecutar comandos arbitrarios por medio de un paquete diseñado cuyo contenido se interpreta como un comando para ser iniciado en un nuevo proceso mediante la función CreateProcessA. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Symantec AntiVirus Corporate Edition, Symantec Client Security and Symantec Endpoint Protection. Authentication is not required to exploit this vulnerability. The specific flaw exists in the Intel LANDesk Common Base Agent bundled with the affected products. When a specially crafted packet is sent to TCP port 12174, the contents of the packet are passed directly to a call to CreateProcessA() as the lpCommandLine argument. • https://www.exploit-db.com/exploits/10340 https://www.exploit-db.com/exploits/17699 http://osvdb.org/54157 http://secunia.com/advisories/34856 http://securityreason.com/securityalert/8346 http://www.securityfocus.com/bid/34671 http://www.securitytracker.com/id?1022130 http://www.securitytracker.com/id?1022131 http://www.securitytracker.com/id?1022132 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_02 h • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 97%CPEs: 37EXPL: 1CVE-2009-1430 – Symantec Multiple Product Intel Alert Originator Service Invalid Length Check Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2009-1430
Multiple stack-based buffer overflows in IAO.EXE in the Intel Alert Originator Service in Symantec Alert Management System 2 (AMS2), as used in Symantec System Center (SSS); Symantec AntiVirus Server; Symantec AntiVirus Central Quarantine Server; Symantec AntiVirus (SAV) Corporate Edition 9 before 9.0 MR7, 10.0 and 10.1 before 10.1 MR8, and 10.2 before 10.2 MR2; Symantec Client Security (SCS) 2 before 2.0 MR7 and 3 before 3.1 MR8; and Symantec Endpoint Protection (SEP) before 11.0 MR3, allow remote attackers to execute arbitrary code via (1) a crafted packet or (2) data that ostensibly arrives from the MsgSys.exe process. Desbordamiento múltiple de búfer basado en pila en IAO.EXE en el Intel Alert Originator Service en Symantec Alert Management System 2 (AMS2), tal como se utiliza en Symantec System Center (SSS); Symantec AntiVirus Server; Symantec AntiVirus Central Quarantine Server; Symantec AntiVirus (SAV) Corporate Edition 9 anterior a v9.0 MR7, v10.0 y v10.1 anterior a v10.1 MR8, y v10.2 anterior a v10.2 MR2; Symantec Client Security (SCS) v2 anterior a v2.0 MR7 y v3 anterior a v3.1 MR8; y Symantec Endpoint Protection (SEP) anterior a v11.0 MR3, permite a atacantes remotos ejecutar código arbitrario a través de (1) un paquete elaborado o (2) los datos que aparentemente se reciban a del proceso MsgSys.exe. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Symantec AntiVirus Corporate Edition, Symantec Client Security and Symantec Endpoint Protection. Authentication is not required to exploit this vulnerability. The specific flaws are exposed via the MsgSys.exe process that listens by default on TCP port 38929. This process forwards requests to the Intel Originator Service (ioa.exe) process. • https://www.exploit-db.com/exploits/16826 http://secunia.com/advisories/34856 http://www.securityfocus.com/archive/1/503080/100/0/threaded http://www.securityfocus.com/bid/34672 http://www.securityfocus.com/bid/34674 http://www.securitytracker.com/id?1022130 http://www.securitytracker.com/id?1022131 http://www.securitytracker.com/id?1022132 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_02 http:/&#x • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •