9.3

CVE-2009-1430

Multiple stack-based buffer overflows in IAO.EXE in the Intel Alert Originator Service in Symantec Alert Management System 2 (AMS2), as used in Symantec System Center (SSS); Symantec AntiVirus Server; Symantec AntiVirus Central Quarantine Server; Symantec AntiVirus (SAV) Corporate Edition 9 before 9.0 MR7, 10.0 and 10.1 before 10.1 MR8, and 10.2 before 10.2 MR2; Symantec Client Security (SCS) 2 before 2.0 MR7 and 3 before 3.1 MR8; and Symantec Endpoint Protection (SEP) before 11.0 MR3, allow remote attackers to execute arbitrary code via (1) a crafted packet or (2) data that ostensibly arrives from the MsgSys.exe process.

Data is provided by the National Vulnerability Database (NVD)
SymantecAntivirus Update- Editioncorporate Version <= 9.0
SymantecAntivirus Editioncorporate Version <= 10.1
SymantecAntivirus Editioncorporate Version <= 10.2
SymantecAntivirus Version- Update- Editionsrv
SymantecAntivirus Version10.0 Editioncorporate
SymantecAntivirus Version10.0.1 Editioncorporate
SymantecAntivirus Version10.0.1.1 Editioncorporate
SymantecAntivirus Version10.0.2 Editioncorporate
SymantecAntivirus Version10.0.2.1 Editioncorporate
SymantecAntivirus Version10.0.2.2 Editioncorporate
SymantecAntivirus Version10.0.3 Editioncorporate
SymantecAntivirus Version10.0.4 Editioncorporate
SymantecAntivirus Version10.0.5 Editioncorporate
SymantecAntivirus Version10.0.6 Editioncorporate
SymantecAntivirus Version10.0.7 Editioncorporate
SymantecAntivirus Version10.0.8 Editioncorporate
SymantecAntivirus Version10.0.9 Editioncorporate
SymantecClient Security Version <= 3.1
SymantecClient Security Version2.0
SymantecClient Security Version3.0
SymantecClient Security Version3.0.0.359
SymantecClient Security Version3.0.1.1000
SymantecClient Security Version3.0.1.1001
SymantecClient Security Version3.0.1.1007
SymantecClient Security Version3.0.1.1008
SymantecClient Security Version3.0.1.1009
SymantecClient Security Version3.0.2
SymantecClient Security Version3.0.2.2000
SymantecClient Security Version3.0.2.2001
SymantecClient Security Version3.0.2.2002
SymantecClient Security Version3.0.2.2010
SymantecClient Security Version3.0.2.2011
SymantecClient Security Version3.0.2.2020
SymantecClient Security Version3.0.2.2021
SymantecEndpoint Protection Version <= 11.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 60.57% 0.981
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.