CVE-2010-3268

Exploit

EPSS 7.98%
Published 22.12.2010 21:00:15
Last modified 11.04.2025 00:51:21
Source cve@mitre.org
Teams watchlist Login
Open Login

The GetStringAMSHandler function in prgxhndl.dll in hndlrsvc.exe in the Intel Alert Handler service (aka Symantec Intel Handler service) in Intel Alert Management System (AMS), as used in Symantec Antivirus Corporate Edition 10.1.4.4010 on Windows 2000 SP4 and Symantec Endpoint Protection before 11.x, does not properly validate the CommandLine field of an AMS request, which allows remote attackers to cause a denial of service (application crash) via a crafted request.

Affected products Warnungen 0 Metrics 2 CWE 1 References 13

Data is provided by the National Vulnerability Database (NVD)

Intel ≫ Intel Alert Management System

Microsoft ≫ Windows 2000 Version- Updatesp4

Symantec ≫ Antivirus Version10.1.4.4010 Editioncorporate

Microsoft ≫ Windows 2000 Version- Updatesp4

Symantec ≫ Endpoint Protection Version11.0

Symantec ≫ Endpoint Protection Version11.0 Updatertm

Symantec ≫ Endpoint Protection Version11.0 Updateru5

Symantec ≫ Endpoint Protection Version11.0 Updateru6

Symantec ≫ Endpoint Protection Version11.0 Updateru6a

Symantec ≫ Endpoint Protection Version11.0 Updateru6mp1

Symantec ≫ Endpoint Protection Version11.0 Updateru6mp2

Symantec ≫ Endpoint Protection Version11.0.1

Symantec ≫ Endpoint Protection Version11.0.1 Updatemp1

Symantec ≫ Endpoint Protection Version11.0.1 Updatemp2

Symantec ≫ Endpoint Protection Version11.0.2

Symantec ≫ Endpoint Protection Version11.0.2 Updatemp1

Symantec ≫ Endpoint Protection Version11.0.2 Updatemp2

Symantec ≫ Endpoint Protection Version11.0.4

Symantec ≫ Endpoint Protection Version11.0.4 Updatemp1a

Symantec ≫ Endpoint Protection Version11.0.4 Updatemp2

Symantec ≫ Endpoint Protection Version11.0.3001

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	7.98%	0.918

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://secunia.com/advisories/42593

Vendor Advisory

http://secunia.com/advisories/43099

http://www.coresecurity.com/content/symantec-intel-handler-service-remote-dos

Exploit

http://www.securityfocus.com/archive/1/515191/100/0/threaded

http://www.securityfocus.com/bid/45936

http://www.securitytracker.com/id?1024866

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110126_00

http://www.vupen.com/english/advisories/2010/3206

Vendor Advisory

http://www.vupen.com/english/advisories/2011/0234

https://exchange.xforce.ibmcloud.com/vulnerabilities/64028

https://nvd.nist.gov/vuln/detail/CVE-2010-3268

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2010-3268

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2010-3268

EUVD