This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
This signature detects attempts to execute arbitrary commands in the Symantec AMS service.
Symantec Antivirus Corporate Edition is a security application. The Alert Management Service (AMS2) is used to manage and report alerts.
Symantec Antivirus Corporate Edition is prone to a remote privilege-escalation vulnerability. The issue affects the Intel Alert Handler service 'hndlrsvc.exe', a component of AMS2. Attackers can send specially crafted network packets to the AMS server console through TCP port 38292 to execute arbitrary commands with SYSTEM-level privileges.
Attackers can exploit this issue to gain SYSTEM-level privileges on an affected computer.
Symantec Antivirus Corporate Edition 10.1.8.8000 is vulnerable; other versions may also be affected.
- Symantec Antivirus Corporate Edition 10.1.8.8000
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: email@example.com.
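Because the affected service is reached over TCP port 38292, connection logs show which hosts have contacted it. The following is an added example (not part of the original advisory or of any Symantec tooling) that scans firewall-style log lines and reports connections to that port from sources outside an allowed management subnet; the log format, the addresses, and the function name are assumptions made for illustration.

```python
import ipaddress
import re

AMS_PORT = 38292  # TCP port the advisory names for the AMS server console

# Assumed (constructed) log format:
#   <timestamp> <ALLOW|DENY> TCP <src>:<sport> -> <dst>:<dport>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) TCP "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

def flag_ams_connections(lines, allowed_sources):
    """Return connections to the AMS port from sources outside allowed_sources."""
    allowed = [ipaddress.ip_network(n) for n in allowed_sources]
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or int(m["dport"]) != AMS_PORT:
            continue  # malformed line or traffic to another port
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # matched the pattern but is not a valid IPv4 address
        if any(src in net for net in allowed):
            continue  # expected management traffic
        findings.append({
            "time": m["ts"],
            "src": str(src),
            "dst": m["dst"],
            # ALLOW means the packet was passed on to the listening service
            "reached_service": m["action"] == "ALLOW",
        })
    return findings

# Constructed sample data; 10.0.1.0/24 is the assumed management subnet.
SAMPLE_LOG = [
    "2024-05-01T09:00:01Z ALLOW TCP 10.0.1.5:50122 -> 10.0.1.10:38292",
    "2024-05-01T09:02:17Z ALLOW TCP 10.0.7.44:49811 -> 10.0.1.10:38292",
    "2024-05-01T09:02:40Z DENY TCP 198.51.100.23:40001 -> 10.0.1.10:38292",
    "2024-05-01T09:03:00Z ALLOW TCP 10.0.7.44:49900 -> 10.0.1.10:443",
    "truncated or malformed line",
]

if __name__ == "__main__":
    for f in flag_ams_connections(SAMPLE_LOG, ["10.0.1.0/24"]):
        state = "reached service" if f["reached_service"] else "blocked"
        print(f'{f["time"]} {f["src"]} -> {f["dst"]}:{AMS_PORT} ({state})')
```

Entries marked as having reached the service are the ones to review first on the destination host; blocked entries show that the port is being probed but filtered.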