CVE-2009-1430
Symantec Multiple Product Intel Alert Originator Service Invalid Length Check Overflow Vulnerability
Public Exploits: 1
Exploited in Wild: -
Descriptions
Multiple stack-based buffer overflows in IAO.EXE in the Intel Alert Originator Service in Symantec Alert Management System 2 (AMS2), as used in Symantec System Center (SSS); Symantec AntiVirus Server; Symantec AntiVirus Central Quarantine Server; Symantec AntiVirus (SAV) Corporate Edition 9 before 9.0 MR7, 10.0 and 10.1 before 10.1 MR8, and 10.2 before 10.2 MR2; Symantec Client Security (SCS) 2 before 2.0 MR7 and 3 before 3.1 MR8; and Symantec Endpoint Protection (SEP) before 11.0 MR3, allow remote attackers to execute arbitrary code via (1) a crafted packet or (2) data that ostensibly arrives from the MsgSys.exe process.
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Symantec AntiVirus Corporate Edition, Symantec Client Security and Symantec Endpoint Protection. Authentication is not required to exploit this vulnerability.
The specific flaws are exposed via the MsgSys.exe process, which listens by default on TCP port 38929. This process forwards requests to the Intel Alert Originator Service (iao.exe) process. The iao.exe process fails to validate length specifiers within the request in several locations, leading to stack-based buffer overflows. The overflows occur during calls to strcpy and memcpy, leading to arbitrary code execution in the context of the SYSTEM user.
Timeline
- 2009-04-24 CVE Reserved
- 2009-04-28 CVE Published
- 2010-05-13 First Exploit
- 2024-08-07 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
References (13)
URL | Tag | Source |
---|---|---|
http://secunia.com/advisories/34856 | Third Party Advisory | |
http://www.securityfocus.com/archive/1/503080/100/0/threaded | Mailing List | |
http://www.securityfocus.com/bid/34672 | Vdb Entry | |
http://www.securityfocus.com/bid/34674 | Vdb Entry | |
http://www.securitytracker.com/id?1022130 | Vdb Entry | |
http://www.securitytracker.com/id?1022131 | Vdb Entry | |
http://www.securitytracker.com/id?1022132 | Vdb Entry | |
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_02 | X_refsource_confirm | |
http://www.vupen.com/english/advisories/2009/1204 | Vdb Entry | |
http://www.zerodayinitiative.com/advisories/ZDI-09-018 | X_refsource_misc | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/50177 | Vdb Entry | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/50178 | Vdb Entry | |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/16826 | 2010-05-13 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Symantec | Antivirus | <= 9.0 | corporate | Affected |
Symantec | Antivirus | <= 10.1 | corporate | Affected |
Symantec | Antivirus | <= 10.2 | corporate | Affected |
Symantec | Antivirus | - | srv | Affected |
Symantec | Antivirus | 10.0 | corporate | Affected |
Symantec | Antivirus | 10.0.1 | corporate | Affected |
Symantec | Antivirus | 10.0.1.1 | corporate | Affected |
Symantec | Antivirus | 10.0.2 | corporate | Affected |
Symantec | Antivirus | 10.0.2.1 | corporate | Affected |
Symantec | Antivirus | 10.0.2.2 | corporate | Affected |
Symantec | Antivirus | 10.0.3 | corporate | Affected |
Symantec | Antivirus | 10.0.4 | corporate | Affected |
Symantec | Antivirus | 10.0.5 | corporate | Affected |
Symantec | Antivirus | 10.0.6 | corporate | Affected |
Symantec | Antivirus | 10.0.7 | corporate | Affected |
Symantec | Antivirus | 10.0.8 | corporate | Affected |
Symantec | Antivirus | 10.0.9 | corporate | Affected |
Symantec | Antivirus Central Quarantine Server | * | - | Affected |
Symantec | Client Security | <= 3.1 | - | Affected |
Symantec | Client Security | 2.0 | - | Affected |
Symantec | Client Security | 3.0 | - | Affected |
Symantec | Client Security | 3.0.0.359 | - | Affected |
Symantec | Client Security | 3.0.1.1000 | - | Affected |
Symantec | Client Security | 3.0.1.1001 | - | Affected |
Symantec | Client Security | 3.0.1.1007 | - | Affected |
Symantec | Client Security | 3.0.1.1008 | - | Affected |
Symantec | Client Security | 3.0.1.1009 | - | Affected |
Symantec | Client Security | 3.0.2 | - | Affected |
Symantec | Client Security | 3.0.2.2000 | - | Affected |
Symantec | Client Security | 3.0.2.2001 | - | Affected |
Symantec | Client Security | 3.0.2.2002 | - | Affected |
Symantec | Client Security | 3.0.2.2010 | - | Affected |
Symantec | Client Security | 3.0.2.2011 | - | Affected |
Symantec | Client Security | 3.0.2.2020 | - | Affected |
Symantec | Client Security | 3.0.2.2021 | - | Affected |
Symantec | Endpoint Protection | <= 11.0 | - | Affected |
Symantec | System Center | * | - | Affected |