Symantec Reporting Server, as used in Symantec AntiVirus (SAV) Corporate Edition 10.1 before 10.1 MR8 and 10.2 before 10.2 MR2, Symantec Client Security (SCS) before 3.1 MR8, and the Symantec Endpoint Protection Manager (SEPM) component in Symantec Endpoint Protection (SEP) before 11.0 MR2, allows remote attackers to inject arbitrary text into the login screen, and possibly conduct phishing attacks, via vectors involving a URL that is not properly handled.

The remote host is running Symantec Reporting Server, a component of Symantec AntiVirus Corporate Edition, Symantec Client Security, and Symantec Endpoint Protection Manager that serves to create reports about the use of Symantec antivirus products in an enterprise environment. 

The installed version of Reporting Server includes user-supplied input to the 'MSG' parameter of the 'Reporting/login/login.php' script on the login page.  By tricking an authorized user into clicking on a specially crafted link, an attacker can cause an arbitrary message to be displayed, which in turn could facilitate phishing attacks against the affected site.

Detections

Analytics

CVE-2009-1432

high

Tenable Plugins

medium