CVE-2010-0110

Name of the Vulnerable Software and Affected Versions Symantec AntiVirus Corporate Edition versions 10.0 through 10.1 MR9 Symantec System Center versions 10.x Symantec Quarantine Server versions 3.5 through 3.6

Description The issue allows remote attackers to execute arbitrary code via multiple stack-based buffer overflows in Intel Alert Management System. This can be achieved by sending a long string to msgsys.exe, related to the AMSSendAlertAct function in AMSLIB.dll in the Intel Alert Handler service, or by sending a long modem string or PIN number to msgsys.exe, related to pagehndl.dll in the Intel Alert Handler service. Additionally, sending a message to msgsys.exe, related to iao.exe in the Intel Alert Originator service, can also lead to arbitrary code execution.

Recommendations For Symantec AntiVirus Corporate Edition versions 10.0 through 10.1 MR9, update to version 10.1 MR10 or later. For Symantec System Center versions 10.x, consider disabling the AMSSendAlertAct function in AMSLIB.dll until a patch is available. For Symantec Quarantine Server versions 3.5 through 3.6, restrict access to the msgsys.exe service to minimize the risk of exploitation.