Vulnerability Name:

CVE-2010-3268 (CCN-64028)

Assigned: 2010-12-13
Published: 2010-12-13
Updated: 2018-10-30
Summary: The GetStringAMSHandler function in prgxhndl.dll in hndlrsvc.exe in the Intel Alert Handler service (aka Symantec Intel Handler service) in Intel Alert Management System (AMS), as used in Symantec Antivirus Corporate Edition 10.1.4.4010 on Windows 2000 SP4 and Symantec Endpoint Protection before 11.x, does not properly validate the CommandLine field of an AMS request, which allows remote attackers to cause a denial of service (application crash) via a crafted request.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:
Scope (S): Unchanged
Impact Metrics:
Confidentiality (C): None
Integrity (I): None
Availability (A): Low
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:
Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:
Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:
Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:
Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
Vulnerability Type: CWE-20
Vulnerability Consequences: Denial of Service
References:
Source: MITRE
Type: CNA
CVE-2010-3268

Source: CCN
Type: SA42593
Symantec Antivirus Alert Management System Denial of Service Vulnerability

Source: SECUNIA
Type: Vendor Advisory
42593

Source: CCN
Type: SA43099
Symantec Products Intel Alert Management System Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
43099

Source: CCN
Type: SECTRACK ID: 1024866
Symantec Antivirus Corporate Edition Input Validation Flaw in Intel Handler Service Lets Remote Users Deny Service

Source: CCN
Type: CORE-2010-0728
Symantec Intel Handler Service Remote DoS

Source: MISC
Type: Exploit
http://www.coresecurity.com/content/symantec-intel-handler-service-remote-dos

Source: CCN
Type: OSVDB ID: 70002
Symantec Antivirus AMS Intel Alert Handler hndlrsvc.exe prgxhndl.dll GetStringAMSHandler Function Remote DoS

Source: BUGTRAQ
Type: UNKNOWN
20101213 [CORE-2010-0728] Symantec Intel Handler Service Remote Denial-of-Service

Source: CCN
Type: BID-45368
Symantec Antivirus 'hndlrsvc.exe' Denial of Service Vulnerability

Source: BID
Type: UNKNOWN
45936

Source: CCN
Type: BID-45936
Symantec Intel Alert Management System (CVE-2010-0110) Buffer Overflow Vulnerabilities

Source: SECTRACK
Type: UNKNOWN
1024866

Source: CCN
Type: Symantec Web site
Symantec Antivirus Corporate Edition

Source: CONFIRM
Type: UNKNOWN
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110126_00

Source: VUPEN
Type: Vendor Advisory
ADV-2010-3206

Source: VUPEN
Type: UNKNOWN
ADV-2011-0234

Source: XF
Type: UNKNOWN
symantec-antivirus-handler-service-dos(64028)

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:intel:intel_alert_management_system:*:*:*:*:*:*:*:*
  • AND
  • cpe:/a:symantec:antivirus:10.1.4.4010:*:corporate:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*

Configuration 2:
  • cpe:/a:symantec:endpoint_protection:11.0:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:endpoint_protection:11.0:rtm:*:*:*:*:*:*
  • OR cpe:/a:symantec:endpoint_protection:11.0:ru5:*:*:*:*:*:*
  • OR cpe:/a:symantec:endpoint_protection:11.0:ru6:*:*:*:*:*:*
  • OR cpe:/a:symantec:endpoint_protection:11.0:ru6a:*:*:*:*:*:*
  • OR cpe:/a:symantec:endpoint_protection:11.0:ru6mp1:*:*:*:*:*:*
  • OR cpe:/a:symantec:endpoint_protection:11.0:ru6mp2:*:*:*:*:*:*
  • OR cpe:/a:symantec:endpoint_protection:11.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:endpoint_protection:11.0.1:mp1:*:*:*:*:*:*
  • OR cpe:/a:symantec:endpoint_protection:11.0.1:mp2:*:*:*:*:*:*
  • OR cpe:/a:symantec:endpoint_protection:11.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:endpoint_protection:11.0.2:mp1:*:*:*:*:*:*
  • OR cpe:/a:symantec:endpoint_protection:11.0.2:mp2:*:*:*:*:*:*
  • OR cpe:/a:symantec:endpoint_protection:11.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:endpoint_protection:11.0.4:mp1a:*:*:*:*:*:*
  • OR cpe:/a:symantec:endpoint_protection:11.0.4:mp2:*:*:*:*:*:*
  • OR cpe:/a:symantec:endpoint_protection:11.0.3001:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:symantec:antivirus:10.1.4.4010::corporate:*:*:*:*:*

* Denotes that component is vulnerable
    intel intel alert management system *
    symantec antivirus 10.1.4.4010
    microsoft windows 2000 - sp4
    symantec endpoint protection 11.0
    symantec endpoint protection 11.0 rtm
    symantec endpoint protection 11.0 ru5
    symantec endpoint protection 11.0 ru6
    symantec endpoint protection 11.0 ru6a
    symantec endpoint protection 11.0 ru6mp1
    symantec endpoint protection 11.0 ru6mp2
    symantec endpoint protection 11.0.1
    symantec endpoint protection 11.0.1 mp1
    symantec endpoint protection 11.0.1 mp2
    symantec endpoint protection 11.0.2
    symantec endpoint protection 11.0.2 mp1
    symantec endpoint protection 11.0.2 mp2
    symantec endpoint protection 11.0.4
    symantec endpoint protection 11.0.4 mp1a
    symantec endpoint protection 11.0.4 mp2
    symantec endpoint protection 11.0.3001
    symantec antivirus 10.1.4.4010