Symantec Alert Management System AMSSendAlertAck Buffer Overflow

Added: 12/01/2011
CVE: CVE-2010-0110
BID: 45936
OSVDB: 72623

Background

The Symantec Alert Management System 2 (AMS2) is used by multiple Symantec products. It includes an Intel Alert Handler service (hndlrsvc.exe). This service handles messages forwarded to it by the Alert Originator Manager (msgsys.exe), which listens on port 38292/TCP.

Problem

A stack buffer overflow vulnerability in the AMSLIB.dll module of the Intel Alert Handler service allows a remote attacker to execute arbitrary commands by sending a long, specially crafted string to the Alert Originator Manager.

Resolution

Apply the patch referenced in SYM11-002.

References

http://www.zerodayinitiative.com/advisories/ZDI-11-028/

Limitations

Exploit works on Symantec System Center 10.1.8.8000 on Microsoft Windows Server 2003 SP2 English (DEP OptOut) with KB956802 and KB2393802.

Platforms

Windows Server 2003

Back to exploit index