// For flags

CVE-2009-1429

Symantec Multiple Product Intel Alert Originator Service Command Execution Vulnerabilty

Severity Score

10.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

3
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The Intel LANDesk Common Base Agent (CBA) in Symantec Alert Management System 2 (AMS2), as used in Symantec System Center (SSS); Symantec AntiVirus Server; Symantec AntiVirus Central Quarantine Server; Symantec AntiVirus (SAV) Corporate Edition 9 before 9.0 MR7, 10.0 and 10.1 before 10.1 MR8, and 10.2 before 10.2 MR2; Symantec Client Security (SCS) 2 before 2.0 MR7 and 3 before 3.1 MR8; and Symantec Endpoint Protection (SEP) before 11.0 MR3, allows remote attackers to execute arbitrary commands via a crafted packet whose contents are interpreted as a command to be launched in a new process by the CreateProcessA function.

El LANDesk Common Base Agent (CBA) de Intel en Alert Management System 2 (AMS2) de Symantec, tal y como es usado en System Center (SSS) de Symantec; AntiVirus Server de Symantec; AntiVirus Central Quarantine Server de Symantec; Symantec AntiVirus (SAV) Corporate Edition versiones 9 anteriores a 9.0 MR7, versiones 10.0 y 10.1 anteriores a 10.1 MR8, y versiones 10.2 anteriores a 10.2 MR2; Symantec Client Security (SCS) versiones 2 anteriores a 2.0 MR7 y versiones 3 anteriores a 3.1 MR8; y Symantec Endpoint Protection (SEP) anterior a versión 11.0 MR3, permite a atacantes remotos ejecutar comandos arbitrarios por medio de un paquete diseñado cuyo contenido se interpreta como un comando para ser iniciado en un nuevo proceso mediante la función CreateProcessA.

This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Symantec AntiVirus Corporate Edition, Symantec Client Security and Symantec Endpoint Protection. Authentication is not required to exploit this vulnerability.
The specific flaw exists in the Intel LANDesk Common Base Agent bundled with the affected products. When a specially crafted packet is sent to TCP port 12174, the contents of the packet are passed directly to a call to CreateProcessA() as the lpCommandLine argument. The resulting command will be executed with SYSTEM privileges.

Symantec System Center Alert Management System is prone to a remote command-injection vulnerability because the application fails to properly sanitize user-supplied input.

*Credits: Tenable Network Security
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2009-04-24 CVE Reserved
  • 2009-04-28 CVE Published
  • 2009-04-28 First Exploit
  • 2024-08-07 CVE Updated
  • 2024-11-07 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-94: Improper Control of Generation of Code ('Code Injection')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Symantec
Search vendor "Symantec"
Antivirus
Search vendor "Symantec" for product "Antivirus"
<= 9.0
Search vendor "Symantec" for product "Antivirus" and version " <= 9.0"
corporate
Affected
Symantec
Search vendor "Symantec"
Antivirus
Search vendor "Symantec" for product "Antivirus"
<= 10.1
Search vendor "Symantec" for product "Antivirus" and version " <= 10.1"
corporate
Affected
Symantec
Search vendor "Symantec"
Antivirus
Search vendor "Symantec" for product "Antivirus"
<= 10.2
Search vendor "Symantec" for product "Antivirus" and version " <= 10.2"
corporate
Affected
Symantec
Search vendor "Symantec"
Antivirus
Search vendor "Symantec" for product "Antivirus"
-srv
Affected
Symantec
Search vendor "Symantec"
Antivirus
Search vendor "Symantec" for product "Antivirus"
10.0
Search vendor "Symantec" for product "Antivirus" and version "10.0"
corporate
Affected
Symantec
Search vendor "Symantec"
Antivirus
Search vendor "Symantec" for product "Antivirus"
10.0.1
Search vendor "Symantec" for product "Antivirus" and version "10.0.1"
corporate
Affected
Symantec
Search vendor "Symantec"
Antivirus
Search vendor "Symantec" for product "Antivirus"
10.0.1.1
Search vendor "Symantec" for product "Antivirus" and version "10.0.1.1"
corporate
Affected
Symantec
Search vendor "Symantec"
Antivirus
Search vendor "Symantec" for product "Antivirus"
10.0.2
Search vendor "Symantec" for product "Antivirus" and version "10.0.2"
corporate
Affected
Symantec
Search vendor "Symantec"
Antivirus
Search vendor "Symantec" for product "Antivirus"
10.0.2.1
Search vendor "Symantec" for product "Antivirus" and version "10.0.2.1"
corporate
Affected
Symantec
Search vendor "Symantec"
Antivirus
Search vendor "Symantec" for product "Antivirus"
10.0.2.2
Search vendor "Symantec" for product "Antivirus" and version "10.0.2.2"
corporate
Affected
Symantec
Search vendor "Symantec"
Antivirus
Search vendor "Symantec" for product "Antivirus"
10.0.3
Search vendor "Symantec" for product "Antivirus" and version "10.0.3"
corporate
Affected
Symantec
Search vendor "Symantec"
Antivirus
Search vendor "Symantec" for product "Antivirus"
10.0.4
Search vendor "Symantec" for product "Antivirus" and version "10.0.4"
corporate
Affected
Symantec
Search vendor "Symantec"
Antivirus
Search vendor "Symantec" for product "Antivirus"
10.0.5
Search vendor "Symantec" for product "Antivirus" and version "10.0.5"
corporate
Affected
Symantec
Search vendor "Symantec"
Antivirus
Search vendor "Symantec" for product "Antivirus"
10.0.6
Search vendor "Symantec" for product "Antivirus" and version "10.0.6"
corporate
Affected
Symantec
Search vendor "Symantec"
Antivirus
Search vendor "Symantec" for product "Antivirus"
10.0.7
Search vendor "Symantec" for product "Antivirus" and version "10.0.7"
corporate
Affected
Symantec
Search vendor "Symantec"
Antivirus
Search vendor "Symantec" for product "Antivirus"
10.0.8
Search vendor "Symantec" for product "Antivirus" and version "10.0.8"
corporate
Affected
Symantec
Search vendor "Symantec"
Antivirus
Search vendor "Symantec" for product "Antivirus"
10.0.9
Search vendor "Symantec" for product "Antivirus" and version "10.0.9"
corporate
Affected
Symantec
Search vendor "Symantec"
Antivirus Central Quarantine Server
Search vendor "Symantec" for product "Antivirus Central Quarantine Server"
*-
Affected
Symantec
Search vendor "Symantec"
Client Security
Search vendor "Symantec" for product "Client Security"
<= 3.1
Search vendor "Symantec" for product "Client Security" and version " <= 3.1"
-
Affected
Symantec
Search vendor "Symantec"
Client Security
Search vendor "Symantec" for product "Client Security"
2.0
Search vendor "Symantec" for product "Client Security" and version "2.0"
-
Affected
Symantec
Search vendor "Symantec"
Client Security
Search vendor "Symantec" for product "Client Security"
3.0
Search vendor "Symantec" for product "Client Security" and version "3.0"
-
Affected
Symantec
Search vendor "Symantec"
Client Security
Search vendor "Symantec" for product "Client Security"
3.0.0.359
Search vendor "Symantec" for product "Client Security" and version "3.0.0.359"
-
Affected
Symantec
Search vendor "Symantec"
Client Security
Search vendor "Symantec" for product "Client Security"
3.0.1.1000
Search vendor "Symantec" for product "Client Security" and version "3.0.1.1000"
-
Affected
Symantec
Search vendor "Symantec"
Client Security
Search vendor "Symantec" for product "Client Security"
3.0.1.1001
Search vendor "Symantec" for product "Client Security" and version "3.0.1.1001"
-
Affected
Symantec
Search vendor "Symantec"
Client Security
Search vendor "Symantec" for product "Client Security"
3.0.1.1007
Search vendor "Symantec" for product "Client Security" and version "3.0.1.1007"
-
Affected
Symantec
Search vendor "Symantec"
Client Security
Search vendor "Symantec" for product "Client Security"
3.0.1.1008
Search vendor "Symantec" for product "Client Security" and version "3.0.1.1008"
-
Affected
Symantec
Search vendor "Symantec"
Client Security
Search vendor "Symantec" for product "Client Security"
3.0.1.1009
Search vendor "Symantec" for product "Client Security" and version "3.0.1.1009"
-
Affected
Symantec
Search vendor "Symantec"
Client Security
Search vendor "Symantec" for product "Client Security"
3.0.2
Search vendor "Symantec" for product "Client Security" and version "3.0.2"
-
Affected
Symantec
Search vendor "Symantec"
Client Security
Search vendor "Symantec" for product "Client Security"
3.0.2.2000
Search vendor "Symantec" for product "Client Security" and version "3.0.2.2000"
-
Affected
Symantec
Search vendor "Symantec"
Client Security
Search vendor "Symantec" for product "Client Security"
3.0.2.2001
Search vendor "Symantec" for product "Client Security" and version "3.0.2.2001"
-
Affected
Symantec
Search vendor "Symantec"
Client Security
Search vendor "Symantec" for product "Client Security"
3.0.2.2002
Search vendor "Symantec" for product "Client Security" and version "3.0.2.2002"
-
Affected
Symantec
Search vendor "Symantec"
Client Security
Search vendor "Symantec" for product "Client Security"
3.0.2.2010
Search vendor "Symantec" for product "Client Security" and version "3.0.2.2010"
-
Affected
Symantec
Search vendor "Symantec"
Client Security
Search vendor "Symantec" for product "Client Security"
3.0.2.2011
Search vendor "Symantec" for product "Client Security" and version "3.0.2.2011"
-
Affected
Symantec
Search vendor "Symantec"
Client Security
Search vendor "Symantec" for product "Client Security"
3.0.2.2020
Search vendor "Symantec" for product "Client Security" and version "3.0.2.2020"
-
Affected
Symantec
Search vendor "Symantec"
Client Security
Search vendor "Symantec" for product "Client Security"
3.0.2.2021
Search vendor "Symantec" for product "Client Security" and version "3.0.2.2021"
-
Affected
Symantec
Search vendor "Symantec"
Endpoint Protection
Search vendor "Symantec" for product "Endpoint Protection"
<= 11.0
Search vendor "Symantec" for product "Endpoint Protection" and version " <= 11.0"
-
Affected
Symantec
Search vendor "Symantec"
System Center
Search vendor "Symantec" for product "System Center"
*-
Affected