Signature Detail
Short Name |
APP:SYMC:AV-INTEL-ALERT |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
APP |
Keywords |
Symantec Antivirus Intel Alert Handler Service Denial of Service (2) |
Release Date |
2011/01/12 |
Update Number |
1847 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
APP: Symantec Antivirus Intel Alert Handler Service Denial of Service (2)
This signature detects attempts to exploit a known vulnerability in Symantec's Antivirus Intel Alert Handler service. It is due to an input validation error when handling the argument passed in AMS requests to the affected service. An attacker can exploit this by sending malicious packets to the target service. A successful attack can result in termination of the affected service, causing a denial-of-service condition.
Extended Description
Symantec Antivirus is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. Symantec Antivirus Corporate Edition 10.1.4.4010 is vulnerable; other versions may also be affected.
Affected Products
- Symantec AntiVirus Corporate Edition 10.1.4.4010
References
- BugTraq: 45368
- CVE: CVE-2010-0111
- CVE: CVE-2010-3268