CVE-2009-1431

Name of the Vulnerable Software and Affected Versions Symantec AntiVirus Corporate Edition versions prior to 9.0 MR7 Symantec AntiVirus Corporate Edition versions 10.0 and 10.1 prior to 10.1 MR8 Symantec AntiVirus Corporate Edition version 10.2 prior to 10.2 MR2 Symantec Client Security versions 2.x prior to 2.0 MR7 Symantec Client Security version 3.x prior to 3.1 MR8 Symantec Endpoint Protection versions prior to 11.0 MR3

Description The issue allows remote attackers to execute arbitrary code by placing the code on a share or WebDAV server and then sending the UNC share pathname to the Intel File Transfer service. This service is used in various Symantec products.

Recommendations For Symantec AntiVirus Corporate Edition versions prior to 9.0 MR7, update to version 9.0 MR7 or later. For Symantec AntiVirus Corporate Edition versions 10.0 and 10.1 prior to 10.1 MR8, update to version 10.1 MR8 or later. For Symantec AntiVirus Corporate Edition version 10.2 prior to 10.2 MR2, update to version 10.2 MR2 or later. For Symantec Client Security versions 2.x prior to 2.0 MR7, update to version 2.0 MR7 or later. For Symantec Client Security version 3.x prior to 3.1 MR8, update to version 3.1 MR8 or later. For Symantec Endpoint Protection versions prior to 11.0 MR3, update to version 11.0 MR3 or later.