CVE-2010-0111

HDNLRSVC.EXE in the Intel Alert Handler service (aka Symantec Intel Handler service) in Intel Alert Management System (aka AMS or AMS2), as used in Symantec AntiVirus Corporate Edition (SAVCE) 10.x before 10.1 MR10, Symantec System Center (SSC) 10.x, and Symantec Quarantine Server 3.5 and 3.6, allows remote attackers to execute arbitrary programs by sending msgsys.exe a UNC share pathname, which is used directly in a CreateProcessA (aka CreateProcess) call.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://securitytracker.com/id?1024997
http://www.securityfocus.com/bid/45935
http://www.vupen.com/english/advisories/2011/0234	Vendor Advisory
http://www.zerodayinitiative.com/advisories/ZDI-11-029
http://secunia.com/advisories/43099	Vendor Advisory
http://secunia.com/advisories/43106	Vendor Advisory
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110126_01
https://exchange.xforce.ibmcloud.com/vulnerabilities/64943
https://exchange.xforce.ibmcloud.com/vulnerabilities/64942

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:symantec:antivirus:10.0::corporate:::::
	cpe:2.3:a:symantec:antivirus:10.1:mr6:corporate:::::*
	cpe:2.3:a:symantec:antivirus:10.1:mp1:corporate:::::*
	cpe:2.3:a:symantec:antivirus:10.1.6.1::corporate:::::
	cpe:2.3:a:symantec:antivirus:10.1.6::corporate:::::
	cpe:2.3:a:symantec:antivirus:10.0:mr1:corporate:::::*
	cpe:2.3:a:symantec:antivirus:10.0.2::corporate:::::
	cpe:2.3:a:symantec:antivirus:10.0.4::corporate:::::
	cpe:2.3:a:symantec:antivirus:10.0.7::corporate:::::
	cpe:2.3:a:symantec:antivirus:10.1.9::corporate:::::
	cpe:2.3:a:symantec:antivirus:10.1:mr5:corporate:::::*
	cpe:2.3:a:symantec:antivirus:10.2:mr3:corporate:::::*
	cpe:2.3:a:symantec:antivirus:10.2::corporate:::::
	cpe:2.3:a:symantec:antivirus:10.2:mr2:corporate:::::*
	cpe:2.3:a:symantec:antivirus:10.0:mr2:corporate:::::*
	cpe:2.3:a:symantec:antivirus:10.1:mr4:corporate:::::*
	cpe:2.3:a:symantec:antivirus:10.1.5::corporate:::::
	cpe:2.3:a:symantec:antivirus:10.1::corporate:::::
	cpe:2.3:a:symantec:antivirus:10.1.4.1::corporate:::::
	cpe:2.3:a:symantec:antivirus:10.1:mr7:corporate:::::*
	cpe:2.3:a:symantec:antivirus:10.0.1::corporate:::::
	cpe:2.3:a:symantec:antivirus:10.1.7::corporate:::::
	cpe:2.3:a:symantec:antivirus:10.1.8::corporate:::::
	cpe:2.3:a:symantec:antivirus:10.0.5::corporate:::::
	cpe:2.3:a:symantec:antivirus:10.1.0.1::corporate:::::
	cpe:2.3:a:symantec:antivirus:10.0.8::corporate:::::
	cpe:2.3:a:symantec:antivirus:10.0.1.2::corporate:::::
	cpe:2.3:a:symantec:antivirus:10.0.2.2::corporate:::::
	cpe:2.3:a:symantec:antivirus:10.0.3::corporate:::::
	cpe:2.3:a:symantec:antivirus:10.1.5.1::corporate:::::
	cpe:2.3:a:symantec:antivirus:10.1.4::corporate:::::
	cpe:2.3:a:symantec:antivirus:10.0.1.1::corporate:::::
	cpe:2.3:a:symantec:antivirus:10.0.2.1::corporate:::::
	cpe:2.3:a:symantec:antivirus:10.0.6::corporate:::::
	cpe:2.3:a:symantec:antivirus:10.0.9::corporate:::::

Configuration 2 (hide)

OR	cpe:2.3:a:symantec:system_center:10.0:::::::*
	cpe:2.3:a:symantec:system_center:10.1:::::::*

Configuration 3 (hide)

OR	cpe:2.3:a:symantec:antivirus_central_quarantine_server:3.6:::::::*
	cpe:2.3:a:symantec:antivirus_central_quarantine_server:3.5:::::::*

Information

Published : 2011-01-31 13:00

Updated : 2017-08-16 18:31

NVD link : CVE-2010-0111

Mitre link : CVE-2010-0111

JSON object : View

CWE

CWE-20

Improper Input Validation

Products Affected

symantec

system_center
antivirus_central_quarantine_server
antivirus

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://securitytracker.com/id?1024997", "name": "1024997", "tags": [], "refsource": "SECTRACK"}, {"url": "http://www.securityfocus.com/bid/45935", "name": "45935", "tags": [], "refsource": "BID"}, {"url": "http://www.vupen.com/english/advisories/2011/0234", "name": "ADV-2011-0234", "tags": ["Vendor Advisory"], "refsource": "VUPEN"}, {"url": "http://www.zerodayinitiative.com/advisories/ZDI-11-029", "name": "http://www.zerodayinitiative.com/advisories/ZDI-11-029", "tags": [], "refsource": "MISC"}, {"url": "http://secunia.com/advisories/43099", "name": "43099", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/43106", "name": "43106", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110126_01", "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110126_01", "tags": [], "refsource": "CONFIRM"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64943", "name": "symantec-intelams2-dos(64943)", "tags": [], "refsource": "XF"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64942", "name": "symantec-intelams2-code-execution(64942)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "HDNLRSVC.EXE in the Intel Alert Handler service (aka Symantec Intel Handler service) in Intel Alert Management System (aka AMS or AMS2), as used in Symantec AntiVirus Corporate Edition (SAVCE) 10.x before 10.1 MR10, Symantec System Center (SSC) 10.x, and Symantec Quarantine Server 3.5 and 3.6, allows remote attackers to execute arbitrary programs by sending msgsys.exe a UNC share pathname, which is used directly in a CreateProcessA (aka CreateProcess) call."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-20"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2010-0111", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2011-01-31T21:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:symantec:antivirus:10.0:*:corporate:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:antivirus:10.1:mr6:corporate:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:antivirus:10.1:mp1:corporate:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:antivirus:10.1.6.1:*:corporate:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:antivirus:10.1.6:*:corporate:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:antivirus:10.0:mr1:corporate:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:antivirus:10.0.2:*:corporate:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:antivirus:10.0.4:*:corporate:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:antivirus:10.0.7:*:corporate:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:antivirus:10.1.9:*:corporate:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:antivirus:10.1:mr5:corporate:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:antivirus:10.2:mr3:corporate:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:antivirus:10.2:*:corporate:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:antivirus:10.2:mr2:corporate:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:antivirus:10.0:mr2:corporate:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:antivirus:10.1:mr4:corporate:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:antivirus:10.1.5:*:corporate:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:antivirus:10.1:*:corporate:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:antivirus:10.1.4.1:*:corporate:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:antivirus:10.1:mr7:corporate:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:antivirus:10.0.1:*:corporate:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:antivirus:10.1.7:*:corporate:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:antivirus:10.1.8:*:corporate:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:antivirus:10.0.5:*:corporate:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:antivirus:10.1.0.1:*:corporate:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:antivirus:10.0.8:*:corporate:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:antivirus:10.0.1.2:*:corporate:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:antivirus:10.0.2.2:*:corporate:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:antivirus:10.0.3:*:corporate:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:antivirus:10.1.5.1:*:corporate:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:antivirus:10.1.4:*:corporate:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:antivirus:10.0.1.1:*:corporate:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:antivirus:10.0.2.1:*:corporate:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:antivirus:10.0.6:*:corporate:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:antivirus:10.0.9:*:corporate:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:symantec:system_center:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:system_center:10.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:symantec:antivirus_central_quarantine_server:3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:antivirus_central_quarantine_server:3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-08-17T01:31Z"}

9.3 /10