CVE-2009-1429

Name of the Vulnerable Software and Affected Versions Symantec AntiVirus Corporate Edition versions prior to 9.0 MR7 Symantec AntiVirus Corporate Edition versions 10.0 and 10.1 prior to 10.1 MR8 Symantec AntiVirus Corporate Edition version 10.2 prior to 10.2 MR2 Symantec Client Security versions 2.x prior to 2.0 MR7 Symantec Client Security versions 3.x prior to 3.1 MR8 Symantec Endpoint Protection versions prior to 11.0 MR3

Description The issue allows remote attackers to execute arbitrary commands by sending a crafted packet. This packet's contents are interpreted as a command to be launched in a new process by the CreateProcessA function.

Recommendations For Symantec AntiVirus Corporate Edition versions prior to 9.0 MR7, update to version 9.0 MR7 or later. For Symantec AntiVirus Corporate Edition versions 10.0 and 10.1 prior to 10.1 MR8, update to version 10.1 MR8 or later. For Symantec AntiVirus Corporate Edition version 10.2 prior to 10.2 MR2, update to version 10.2 MR2 or later. For Symantec Client Security versions 2.x prior to 2.0 MR7, update to version 2.0 MR7 or later. For Symantec Client Security versions 3.x prior to 3.1 MR8, update to version 3.1 MR8 or later. For Symantec Endpoint Protection versions prior to 11.0 MR3, update to version 11.0 MR3 or later.