9.3

CVE-2010-0111

HDNLRSVC.EXE in the Intel Alert Handler service (aka Symantec Intel Handler service) in Intel Alert Management System (aka AMS or AMS2), as used in Symantec AntiVirus Corporate Edition (SAVCE) 10.x before 10.1 MR10, Symantec System Center (SSC) 10.x, and Symantec Quarantine Server 3.5 and 3.6, allows remote attackers to execute arbitrary programs by sending msgsys.exe a UNC share pathname, which is used directly in a CreateProcessA (aka CreateProcess) call.

Data is provided by the National Vulnerability Database (NVD)
SymantecAntivirus Version10.0 Editioncorporate
SymantecAntivirus Version10.0 Updatemr1 Editioncorporate
SymantecAntivirus Version10.0 Updatemr2 Editioncorporate
SymantecAntivirus Version10.0.1 Editioncorporate
SymantecAntivirus Version10.0.1.1 Editioncorporate
SymantecAntivirus Version10.0.1.2 Editioncorporate
SymantecAntivirus Version10.0.2 Editioncorporate
SymantecAntivirus Version10.0.2.1 Editioncorporate
SymantecAntivirus Version10.0.2.2 Editioncorporate
SymantecAntivirus Version10.0.3 Editioncorporate
SymantecAntivirus Version10.0.4 Editioncorporate
SymantecAntivirus Version10.0.5 Editioncorporate
SymantecAntivirus Version10.0.6 Editioncorporate
SymantecAntivirus Version10.0.7 Editioncorporate
SymantecAntivirus Version10.0.8 Editioncorporate
SymantecAntivirus Version10.0.9 Editioncorporate
SymantecAntivirus Version10.1 Editioncorporate
SymantecAntivirus Version10.1 Updatemp1 Editioncorporate
SymantecAntivirus Version10.1 Updatemr4 Editioncorporate
SymantecAntivirus Version10.1 Updatemr5 Editioncorporate
SymantecAntivirus Version10.1 Updatemr6 Editioncorporate
SymantecAntivirus Version10.1 Updatemr7 Editioncorporate
SymantecAntivirus Version10.1.0.1 Editioncorporate
SymantecAntivirus Version10.1.4 Editioncorporate
SymantecAntivirus Version10.1.4.1 Editioncorporate
SymantecAntivirus Version10.1.5 Editioncorporate
SymantecAntivirus Version10.1.5.1 Editioncorporate
SymantecAntivirus Version10.1.6 Editioncorporate
SymantecAntivirus Version10.1.6.1 Editioncorporate
SymantecAntivirus Version10.1.7 Editioncorporate
SymantecAntivirus Version10.1.8 Editioncorporate
SymantecAntivirus Version10.1.9 Editioncorporate
SymantecAntivirus Version10.2 Editioncorporate
SymantecAntivirus Version10.2 Updatemr2 Editioncorporate
SymantecAntivirus Version10.2 Updatemr3 Editioncorporate
SymantecSystem Center Version10.0
SymantecSystem Center Version10.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 60.59% 0.981
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.