Signature Detail

APP: Symantec Antivirus Intel Alert Handler Service Denial of Service (1)

This signature detects attempts to exploit a known vulnerability in Symantec's Antivirus Intel Alert Handler service. It is due to an input validation error when handling the arguments passed in AMS messages sent to the affected service. An attacker can exploit this by sending a crafted packet, containing a malicious size value, to the target service. A successful attack can result in termination of the affected service, causing a denial-of-service condition.

Extended Description

Symantec Intel Alert Management System is prone to multiple remote code-execution vulnerabilities due to improper message handling. Attackers can exploit these issues to execute arbitrary code in the context of the affected application. Other attacks are also possible.

Affected Products

• Symantec AntiVirus 10
• Symantec AntiVirus Corporate Edition 10.0.0
• Symantec AntiVirus Corporate Edition 10.0.0.359
• Symantec AntiVirus Corporate Edition 10.0.1.1000
• Symantec AntiVirus Corporate Edition 10.0.1.1001 (MR1-PP1)
• Symantec AntiVirus Corporate Edition 10.0.1.1003 (MR1-PP2)
• Symantec AntiVirus Corporate Edition 10.0.1.1007
• Symantec AntiVirus Corporate Edition 10.0.1.1008
• Symantec AntiVirus Corporate Edition 10.0.1.1009 (MR1-PP9)
• Symantec AntiVirus Corporate Edition 10.0.2.2000
• Symantec AntiVirus Corporate Edition 10.0.2 .2001
• Symantec AntiVirus Corporate Edition 10.0.2.2002
• Symantec AntiVirus Corporate Edition 10.0.2.2010
• Symantec AntiVirus Corporate Edition 10.0.2.2011
• Symantec AntiVirus Corporate Edition 10.0.2.2020
• Symantec AntiVirus Corporate Edition 10.0.2.2021
• Symantec AntiVirus Corporate Edition 10.1
• Symantec AntiVirus Corporate Edition 10.1.0.394
• Symantec AntiVirus Corporate Edition 10.1.0.396
• Symantec AntiVirus Corporate Edition 10.1.0.400
• Symantec AntiVirus Corporate Edition 10.1.0.401
• Symantec AntiVirus Corporate Edition 10.1.4
• Symantec AntiVirus Corporate Edition 10.1.4.4000 (MR4)
• Symantec AntiVirus Corporate Edition 10.1.4.4010
• Symantec AntiVirus Corporate Edition 10.1.4 MR4 MP1 - build 4010
• Symantec AntiVirus Corporate Edition 10.1.5.5000 (MR5)
• Symantec AntiVirus Corporate Edition 10.1.5.5001 (MR5-PP1)
• Symantec AntiVirus Corporate Edition 10.1.5.5010 (MR5-MP1)
• Symantec AntiVirus Corporate Edition 10.1.6.600
• Symantec AntiVirus Corporate Edition 10.1.6.6000
• Symantec AntiVirus Corporate Edition 10.1.6.6010 (MR6-MP1)
• Symantec AntiVirus Corporate Edition 10.1.7.7000 (MR7)
• Symantec AntiVirus Corporate Edition 10.1.8.8000
• Symantec AntiVirus Corporate Edition 10.1 MR6
• Symantec AntiVirus Corporate Edition 10.1 MR6 MP1
• Symantec AntiVirus Corporate Edition 10.1 MR7
• Symantec AntiVirus Corporate Edition 10.1 MR8
• Symantec AntiVirus Corporate Edition 10.1 MR9
• Symantec Quarantine Server 3.5
• Symantec Quarantine Server 3.6
• Symantec System Center

References

• BugTraq: 45935
• CVE: CVE-2010-0111