10

CVE-2009-1429

Exploit

The Intel LANDesk Common Base Agent (CBA) in Symantec Alert Management System 2 (AMS2), as used in Symantec System Center (SSS); Symantec AntiVirus Server; Symantec AntiVirus Central Quarantine Server; Symantec AntiVirus (SAV) Corporate Edition 9 before 9.0 MR7, 10.0 and 10.1 before 10.1 MR8, and 10.2 before 10.2 MR2; Symantec Client Security (SCS) 2 before 2.0 MR7 and 3 before 3.1 MR8; and Symantec Endpoint Protection (SEP) before 11.0 MR3, allows remote attackers to execute arbitrary commands via a crafted packet whose contents are interpreted as a command to be launched in a new process by the CreateProcessA function.

Data is provided by the National Vulnerability Database (NVD)
SymantecAntivirus Update- Editioncorporate Version <= 9.0
SymantecAntivirus Editioncorporate Version <= 10.1
SymantecAntivirus Editioncorporate Version <= 10.2
SymantecAntivirus Version- Update- Editionsrv
SymantecAntivirus Version10.0 Editioncorporate
SymantecAntivirus Version10.0.1 Editioncorporate
SymantecAntivirus Version10.0.1.1 Editioncorporate
SymantecAntivirus Version10.0.2 Editioncorporate
SymantecAntivirus Version10.0.2.1 Editioncorporate
SymantecAntivirus Version10.0.2.2 Editioncorporate
SymantecAntivirus Version10.0.3 Editioncorporate
SymantecAntivirus Version10.0.4 Editioncorporate
SymantecAntivirus Version10.0.5 Editioncorporate
SymantecAntivirus Version10.0.6 Editioncorporate
SymantecAntivirus Version10.0.7 Editioncorporate
SymantecAntivirus Version10.0.8 Editioncorporate
SymantecAntivirus Version10.0.9 Editioncorporate
SymantecClient Security Version <= 3.1
SymantecClient Security Version2.0
SymantecClient Security Version3.0
SymantecClient Security Version3.0.0.359
SymantecClient Security Version3.0.1.1000
SymantecClient Security Version3.0.1.1001
SymantecClient Security Version3.0.1.1007
SymantecClient Security Version3.0.1.1008
SymantecClient Security Version3.0.1.1009
SymantecClient Security Version3.0.2
SymantecClient Security Version3.0.2.2000
SymantecClient Security Version3.0.2.2001
SymantecClient Security Version3.0.2.2002
SymantecClient Security Version3.0.2.2010
SymantecClient Security Version3.0.2.2011
SymantecClient Security Version3.0.2.2020
SymantecClient Security Version3.0.2.2021
SymantecEndpoint Protection Version <= 11.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 91.1% 0.996
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.