CVE-2010-0111

Name of the Vulnerable Software and Affected Versions Symantec AntiVirus Corporate Edition versions prior to 10.1 MR10 Symantec System Center versions 10.x Symantec Quarantine Server versions 3.5 through 3.6

Description The issue allows remote attackers to execute arbitrary programs by sending a UNC share pathname to msgsys.exe, which is used directly in a CreateProcessA call. This can lead to remote code execution.

Recommendations For Symantec AntiVirus Corporate Edition versions prior to 10.1 MR10, update to version 10.1 MR10 or later. For Symantec System Center versions 10.x, consider disabling the HDNLRSVC.EXE service until a patch is available. For Symantec Quarantine Server versions 3.5 through 3.6, restrict access to the msgsys.exe component to minimize the risk of exploitation.