Vulnerability CVE-2010-0111

Vulnerability Name:

CVE-2010-0111 (CCN-64942)

Assigned:

2009-12-31

Published:

2011-01-26

Updated:

2017-08-17

Summary:

HDNLRSVC.EXE in the Intel Alert Handler service (aka Symantec Intel Handler service) in Intel Alert Management System (aka AMS or AMS2), as used in Symantec AntiVirus Corporate Edition (SAVCE) 10.x before 10.1 MR10, Symantec System Center (SSC) 10.x, and Symantec Quarantine Server 3.5 and 3.6, allows remote attackers to execute arbitrary programs by sending msgsys.exe a UNC share pathname, which is used directly in a CreateProcessA (aka CreateProcess) call.

CVSS v3 Severity:

5.1 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H)

Exploitability Metrics:	Attack Vector (AV): Adjacent Attack Complexity (AC): High Privileges Required (PR): Low User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): High

CVSS v2 Severity:

9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Access Complexity (AC): Authentication (Au):
Impact Metrics:	Confidentiality (C): Integrity (I): Availibility (A):

5.0 Medium (CCN CVSS v2 Vector: AV:A/AC:H/Au:S/C:N/I:P/A:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:A/AC:H/Au:S/C:N/I:P/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Access Complexity (AC): Athentication (Au):
Impact Metrics:	Confidentiality (C): Integrity (I): Availibility (A):

Vulnerability Type:

CWE-20

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2010-0111

Source: CCN
Type: SA43099
Symantec Products Intel Alert Management System Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
43099

Source: CCN
Type: SA43106
Symantec Quarantine Server Intel Alert Management System Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
43106

Source: SECTRACK
Type: UNKNOWN
1024997

Source: BID
Type: UNKNOWN
45935

Source: CCN
Type: BID-45935
Symantec Intel Alert Management System Message Handling Multiple Code Execution Vulnerabilities

Source: CCN
Type: SYM11- 003
Multiple Symantec Intel Alert Management System Arbitrary Message Creation or Denial of Service

Source: CONFIRM
Type: UNKNOWN
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110126_01

Source: VUPEN
Type: Vendor Advisory
ADV-2011-0234

Source: MISC
Type: UNKNOWN
http://www.zerodayinitiative.com/advisories/ZDI-11-029

Source: XF
Type: UNKNOWN
symantec-intelams2-code-execution(64942)

Source: XF
Type: UNKNOWN
symantec-intelams2-code-execution(64942)

Source: XF
Type: UNKNOWN
symantec-intelams2-dos(64943)

Source: CCN
Type: ZDI-11-029
Symantec AMS Intel Alert Handler Service CreateProcess Remote Code Execution Vulnerability

Source: CCN
Type: ZDI-11-030
Symantec AMS Intel Alert Handler Modem String Parsing Remote Code Execution Vulnerability

Source: CCN
Type: ZDI-11-031
Symantec AMS Intel Alert Handler Pin Number Parsing Remote Code Execution Vulnerability

Source: CCN
Type: ZDI-11-032
Symantec Intel Alert Originator Service iao.exe Remote Code Execution Vulnerability

Vulnerable Configuration:

Configuration 1:

cpe:/a:symantec:antivirus:10.0:*:corporate:*:*:*:*:*

OR cpe:/a:symantec:antivirus:10.0:mr1:corporate:*:*:*:*:*

OR cpe:/a:symantec:antivirus:10.0:mr2:corporate:*:*:*:*:*

OR cpe:/a:symantec:antivirus:10.0.1:*:corporate:*:*:*:*:*

OR cpe:/a:symantec:antivirus:10.0.1.1:*:corporate:*:*:*:*:*

OR cpe:/a:symantec:antivirus:10.0.1.2:*:corporate:*:*:*:*:*

OR cpe:/a:symantec:antivirus:10.0.2:*:corporate:*:*:*:*:*

OR cpe:/a:symantec:antivirus:10.0.2.1:*:corporate:*:*:*:*:*

OR cpe:/a:symantec:antivirus:10.0.2.2:*:corporate:*:*:*:*:*

OR cpe:/a:symantec:antivirus:10.0.3:*:corporate:*:*:*:*:*

OR cpe:/a:symantec:antivirus:10.0.4:*:corporate:*:*:*:*:*

OR cpe:/a:symantec:antivirus:10.0.5:*:corporate:*:*:*:*:*

OR cpe:/a:symantec:antivirus:10.0.6:*:corporate:*:*:*:*:*

OR cpe:/a:symantec:antivirus:10.0.7:*:corporate:*:*:*:*:*

OR cpe:/a:symantec:antivirus:10.0.8:*:corporate:*:*:*:*:*

OR cpe:/a:symantec:antivirus:10.0.9:*:corporate:*:*:*:*:*

OR cpe:/a:symantec:antivirus:10.1:*:corporate:*:*:*:*:*

OR cpe:/a:symantec:antivirus:10.1:mp1:corporate:*:*:*:*:*

OR cpe:/a:symantec:antivirus:10.1:mr4:corporate:*:*:*:*:*

OR cpe:/a:symantec:antivirus:10.1:mr5:corporate:*:*:*:*:*

OR cpe:/a:symantec:antivirus:10.1:mr6:corporate:*:*:*:*:*

OR cpe:/a:symantec:antivirus:10.1:mr7:corporate:*:*:*:*:*

OR cpe:/a:symantec:antivirus:10.1.0.1:*:corporate:*:*:*:*:*

OR cpe:/a:symantec:antivirus:10.1.4:*:corporate:*:*:*:*:*

OR cpe:/a:symantec:antivirus:10.1.4.1:*:corporate:*:*:*:*:*

OR cpe:/a:symantec:antivirus:10.1.5:*:corporate:*:*:*:*:*

OR cpe:/a:symantec:antivirus:10.1.5.1:*:corporate:*:*:*:*:*

OR cpe:/a:symantec:antivirus:10.1.6:*:corporate:*:*:*:*:*

OR cpe:/a:symantec:antivirus:10.1.6.1:*:corporate:*:*:*:*:*

OR cpe:/a:symantec:antivirus:10.1.7:*:corporate:*:*:*:*:*

OR cpe:/a:symantec:antivirus:10.1.8:*:corporate:*:*:*:*:*

OR cpe:/a:symantec:antivirus:10.1.9:*:corporate:*:*:*:*:*

OR cpe:/a:symantec:antivirus:10.2:*:corporate:*:*:*:*:*

OR cpe:/a:symantec:antivirus:10.2:mr2:corporate:*:*:*:*:*

OR cpe:/a:symantec:antivirus:10.2:mr3:corporate:*:*:*:*:*

Configuration 2:

cpe:/a:symantec:system_center:10.0:*:*:*:*:*:*:*

OR cpe:/a:symantec:system_center:10.1:*:*:*:*:*:*:*

Configuration 3:

cpe:/a:symantec:antivirus_central_quarantine_server:3.5:*:*:*:*:*:*:*

OR cpe:/a:symantec:antivirus_central_quarantine_server:3.6:*:*:*:*:*:*:*

Denotes that component is vulnerable

Vulnerability Name:

CVE-2010-0111 (CCN-64943)

Assigned:

2009-12-31

Published:

2011-01-26

Updated:

2011-01-26

Summary:

Multiple Symantec products are vulnerable to a denial of service, caused by an error in the Intel AMS2 component. By sending specially-crafted packets to TCP port 38292, a remote attacker from within the local network could exploit this vulnerability to crash the Intel Alert Handler service.

CVSS v3 Severity:

5.1 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H)

Exploitability Metrics:	Attack Vector (AV): Adjacent Attack Complexity (AC): High Privileges Required (PR): Low User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): High

CVSS v2 Severity:

9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Access Complexity (AC): Authentication (Au):
Impact Metrics:	Confidentiality (C): Integrity (I): Availibility (A):

5.0 Medium (CCN CVSS v2 Vector: AV:A/AC:H/Au:S/C:N/I:P/A:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:A/AC:H/Au:S/C:N/I:P/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Access Complexity (AC): Athentication (Au):
Impact Metrics:	Confidentiality (C): Integrity (I): Availibility (A):

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2010-0111

Source: CCN
Type: SA43099
Symantec Products Intel Alert Management System Multiple Vulnerabilities

Source: CCN
Type: SA43106
Symantec Quarantine Server Intel Alert Management System Multiple Vulnerabilities

Source: CCN
Type: BID-45935
Symantec Intel Alert Management System Message Handling Multiple Code Execution Vulnerabilities

Source: CCN
Type: SYM11- 003
Multiple Symantec Intel Alert Management System Arbitrary Message Creation or Denial of Service

Source: XF
Type: UNKNOWN
symantec-intelams2-dos(64943)

Vulnerable Configuration:

Configuration CCN 1:

cpe:/a:symantec:antivirus:10.1.4:*:corporate:*:*:*:*:*

OR cpe:/a:symantec:antivirus:10.1:*:corporate:*:*:*:*:*

OR cpe:/a:symantec:antivirus:10.1.4.4010:*:corporate:*:*:*:*:*

Denotes that component is vulnerable

BACK