9.3
CVE-2010-0111
- EPSS 34.52%
- Veröffentlicht 31.01.2011 21:00:03
- Zuletzt bearbeitet 16.06.2026 23:15:29
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
HDNLRSVC.EXE in the Intel Alert Handler service (aka Symantec Intel Handler service) in Intel Alert Management System (aka AMS or AMS2), as used in Symantec AntiVirus Corporate Edition (SAVCE) 10.x before 10.1 MR10, Symantec System Center (SSC) 10.x, and Symantec Quarantine Server 3.5 and 3.6, allows remote attackers to execute arbitrary programs by sending msgsys.exe a UNC share pathname, which is used directly in a CreateProcessA (aka CreateProcess) call.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Symantec ≫ System Center Version10.0
Symantec ≫ System Center Version10.1
Symantec ≫ Antivirus Central Quarantine Server Version3.5
Symantec ≫ Antivirus Central Quarantine Server Version3.6
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 34.52% | 0.982 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://secunia.com/advisories/43099
http://www.vupen.com/english/advisories/2011/0234
http://secunia.com/advisories/43106
http://securitytracker.com/id?1024997
http://www.securityfocus.com/bid/45935
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110126_01
http://www.zerodayinitiative.com/advisories/ZDI-11-029
https://exchange.xforce.ibmcloud.com/vulnerabilities/64942
https://exchange.xforce.ibmcloud.com/vulnerabilities/64943