Symantec Products Intel Alert Handler Remote DoS

This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has a service that is affected by a denial of
service vulnerability.

Description :

Intel Alert Handler Service (hndlrsvc.exe) included with Alert
Management System 2 (AMS2), an optional component included with either
Symantec Antivirus Corporate Edition or Symantec Endpoint Protection
version prior to 11.x, is installed on the remote host. The installed
service reportedly fails to correctly handle 'CommandLine' field in an
AMS request, and could be exploited by a remote attacker to crash the
affected service.

See also :

http://www.nessus.org/u?e058ea4d
http://seclists.org/fulldisclosure/2010/Dec/261

Solution :

Either upgrade to version 11.x since it does not use Intel AMS code
or disable Intel AMS.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 4.1
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 51190 ()

Bugtraq ID: 45368

CVE ID: CVE-2010-3268

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now