Vulnerability Name: CVE-2009-1430 (CCN-50178)

Assigned: 2009-04-28
Published: 2009-04-28
Updated: 2018-10-10
Summary: Multiple stack-based buffer overflows in IAO.EXE in the Intel Alert Originator Service in Symantec Alert Management System 2 (AMS2), as used in Symantec System Center (SSS); Symantec AntiVirus Server; Symantec AntiVirus Central Quarantine Server; Symantec AntiVirus (SAV) Corporate Edition 9 before 9.0 MR7, 10.0 and 10.1 before 10.1 MR8, and 10.2 before 10.2 MR2; Symantec Client Security (SCS) 2 before 2.0 MR7 and 3 before 3.1 MR8; and Symantec Endpoint Protection (SEP) before 11.0 MR3, allow remote attackers to execute arbitrary code via (1) a crafted packet or (2) data that ostensibly arrives from the MsgSys.exe process.
CVSS v3 Severity: 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Changed
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity: 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 High (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type: CWE-119
Vulnerability Consequences: Gain Access
References:
Source: MITRE
Type: CNA
CVE-2009-1430

Source: CCN
Type: SA34856
Symantec Products Alert Management System 2 Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
34856

Source: CCN
Type: SECTRACK ID: 1022130
Symantec Anti Virus Corporate Edition Bugs in Alert Management System 2 Let Remote Users Execute Arbitrary Code

Source: CCN
Type: SECTRACK ID: 1022131
Symantec Client Security Bugs in Alert Management System 2 Let Remote Users Execute Arbitrary Code

Source: CCN
Type: SECTRACK ID: 1022132
Symantec Endpoint Protection Bugs in Alert Management System 2 Let Remote Users Execute Arbitrary Code

Source: BUGTRAQ
Type: UNKNOWN
20090428 ZDI-09-018: Symantec Client Security Alert Originator Service Stack Overflow Vulnerability

Source: BID
Type: UNKNOWN
34672

Source: CCN
Type: BID-34672
Multiple Symantec Products Intel Alert Originator Service Stack Overflow Vulnerability

Source: BID
Type: UNKNOWN
34674

Source: CCN
Type: BID-34674
Multiple Symantec Products Intel Alert Originator Service Multiple Buffer Overflow Vulnerabilities

Source: SECTRACK
Type: UNKNOWN
1022130

Source: SECTRACK
Type: UNKNOWN
1022131

Source: SECTRACK
Type: UNKNOWN
1022132

Source: CCN
Type: SYM09-007
Symantec Alert Management System 2 multiple vulnerabilities

Source: CONFIRM
Type: UNKNOWN
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_02

Source: VUPEN
Type: UNKNOWN
ADV-2009-1204

Source: MISC
Type: UNKNOWN
http://www.zerodayinitiative.com/advisories/ZDI-09-018/

Source: XF
Type: UNKNOWN
symantec-iao-bo(50177)

Source: XF
Type: UNKNOWN
symantec-msgsys-bo(50178)

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:symantec:antivirus:-:-:srv:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:*:-:corporate:*:*:*:*:* (Version <= 9.0)
  • OR cpe:/a:symantec:antivirus:10.0:*:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.0.1:*:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.0.1.1:*:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.0.2:*:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.0.2.1:*:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.0.2.2:*:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.0.3:*:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.0.4:*:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.0.5:*:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.0.6:*:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.0.7:*:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.0.8:*:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.0.9:*:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:*:*:corporate:*:*:*:*:* (Version <= 10.1)
  • OR cpe:/a:symantec:antivirus:*:*:corporate:*:*:*:*:* (Version <= 10.2)
  • OR cpe:/a:symantec:antivirus_central_quarantine_server:*:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0.0.359:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0.1.1000:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0.1.1001:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0.1.1007:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0.1.1008:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0.1.1009:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0.2.2000:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0.2.2001:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0.2.2002:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0.2.2010:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0.2.2011:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0.2.2020:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0.2.2021:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:*:*:*:*:*:*:*:* (Version <= 3.1)
  • OR cpe:/a:symantec:endpoint_protection:*:*:*:*:*:*:*:* (Version <= 11.0)
  • OR cpe:/a:symantec:system_center:*:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:symantec:client_security:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.1.0.396:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.1.0.401:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.0::corporate:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.1::corporate:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.0.1::corporate:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.0.2::corporate:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.0.4::corporate:*:*:*:*:*
  • OR cpe:/a:symantec:endpoint_protection:11.0.6200.754:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.2::corporate:*:*:*:*:*

  • * Denotes that component is vulnerable
    symantec antivirus - -
    symantec antivirus * -
    symantec antivirus 10.0
    symantec antivirus 10.0.1
    symantec antivirus 10.0.1.1
    symantec antivirus 10.0.2
    symantec antivirus 10.0.2.1
    symantec antivirus 10.0.2.2
    symantec antivirus 10.0.3
    symantec antivirus 10.0.4
    symantec antivirus 10.0.5
    symantec antivirus 10.0.6
    symantec antivirus 10.0.7
    symantec antivirus 10.0.8
    symantec antivirus 10.0.9
    symantec antivirus *
    symantec antivirus *
    symantec antivirus central quarantine server *
    symantec client security 2.0
    symantec client security 3.0
    symantec client security 3.0.0.359
    symantec client security 3.0.1.1000
    symantec client security 3.0.1.1001
    symantec client security 3.0.1.1007
    symantec client security 3.0.1.1008
    symantec client security 3.0.1.1009
    symantec client security 3.0.2
    symantec client security 3.0.2.2000
    symantec client security 3.0.2.2001
    symantec client security 3.0.2.2002
    symantec client security 3.0.2.2010
    symantec client security 3.0.2.2011
    symantec client security 3.0.2.2020
    symantec client security 3.0.2.2021
    symantec client security *
    symantec endpoint protection *
    symantec system center *
    symantec client security 3.1
    symantec client security 3.1.0.396
    symantec client security 3.1.0.401
    symantec antivirus 10.0
    symantec antivirus 10.1
    symantec antivirus 10.0.1
    symantec antivirus 10.0.2
    symantec antivirus 10.0.4
    symantec endpoint protection 11.0.6200.754
    symantec antivirus 10.2