CVE-2010-3268

Name of the Vulnerable Software and Affected Versions Symantec Antivirus Corporate Edition version 10.1.4.4010 Symantec Endpoint Protection versions prior to 11.x

Description The issue is related to the GetStringAMSHandler function in the Intel Alert Handler service, which does not properly validate the CommandLine field of an AMS request. This allows remote attackers to cause a denial of service, resulting in an application crash, via a crafted request.

Recommendations For Symantec Antivirus Corporate Edition version 10.1.4.4010, consider updating to a newer version. For Symantec Endpoint Protection versions prior to 11.x, update to version 11.x or later. As a temporary workaround, consider restricting access to the Intel Alert Handler service to minimize the risk of exploitation.