1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Attack: Symantec Intel AMS CVE-2010-0110

Attack: Symantec Intel AMS CVE-2010-0110

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a buffer overflow vulnerability in Symantec's Intel Alert Management System.

Additional Information

Symantec Intel Alert Management System (AMS2) is used to manage and report alerts in multiple Symantec products including Symantec AntiVirus Corporate Edition Server (SAVCE), Symantec System Center (SSC), and Symantec Quarantine Server.

AMS2 is prone to multiple remote buffer-overflow vulnerabilities because it fails to properly bounds check user-supplied input. The problem occurs in the 'AMSLIB.dll' module when handling specially malformed packets sent from the 'msgsys.exe' service.

An attacker can exploit these issues to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

Affected

  • Symantec Quarantine Server 3.6
  • Symantec Quarantine Server 3.5
  • Symantec AntiVirus Corporate Edition 10.1.7 .7000 (MR7)
  • Symantec AntiVirus Corporate Edition 10.1.6 .6010 (MR6-MP1)
  • Symantec AntiVirus Corporate Edition 10.1.5 .5010 (MR5-MP1)
  • Symantec AntiVirus Corporate Edition 10.1.5 .5001 (MR5-PP1)
  • Symantec AntiVirus Corporate Edition 10.1.5 .5000 (MR5)
  • Symantec AntiVirus Corporate Edition 10.1.4 MR4 MP1 - build 4010
  • Symantec AntiVirus Corporate Edition 10.1.4 .4000 (MR4)
  • Symantec AntiVirus Corporate Edition 10.1.4
  • Symantec AntiVirus Corporate Edition 10.1 .401
  • Symantec AntiVirus Corporate Edition 10.1 .400
  • Symantec AntiVirus Corporate Edition 10.1 .396
  • Symantec AntiVirus Corporate Edition 10.1 .394
  • Symantec AntiVirus Corporate Edition 10.0.2 .2021
  • Symantec AntiVirus Corporate Edition 10.0.2 .2020
  • Symantec AntiVirus Corporate Edition 10.0.2 .2011
  • Symantec AntiVirus Corporate Edition 10.0.2 .2010
  • Symantec AntiVirus Corporate Edition 10.0.2 .2002
  • Symantec AntiVirus Corporate Edition 10.0.2 .2001
  • Symantec AntiVirus Corporate Edition 10.0.2 .2000
  • Symantec AntiVirus Corporate Edition 10.0.1 .1009 (MR1-PP9)
  • Symantec AntiVirus Corporate Edition 10.0.1 .1003 (MR1-PP2)
  • Symantec AntiVirus Corporate Edition 10.0.1 .1001 (MR1-PP1)
  • Symantec AntiVirus Corporate Edition 10.0
  • Symantec AntiVirus Corporate Edition 10.1.8.8000
  • Symantec AntiVirus Corporate Edition 10.1.6.6000
  • Symantec AntiVirus Corporate Edition 10.1.6.600
  • Symantec AntiVirus Corporate Edition 10.1.4.4010
  • Symantec AntiVirus Corporate Edition 10.1 MR9
  • Symantec AntiVirus Corporate Edition 10.1 MR8
  • Symantec AntiVirus Corporate Edition 10.1 MR7
  • Symantec AntiVirus Corporate Edition 10.1 MR6 MP1
  • Symantec AntiVirus Corporate Edition 10.1 MR6
  • Symantec AntiVirus Corporate Edition 10.1
  • Symantec AntiVirus Corporate Edition 10.0.1.1008
  • Symantec AntiVirus Corporate Edition 10.0.1.1007
  • Symantec AntiVirus Corporate Edition 10.0.1.1000
  • Symantec AntiVirus Corporate Edition 10.0.0.359
  • Symantec AntiVirus 10

Response

Updates are available. Please contact the vendor for more information.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube