Symantec IM Manager IMAdminSchedTask.asp Eval Code Injection Remote Code Execution (SYM11-004)

This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.


Synopsis :

A web application on the remote Windows host can be abused to execute
arbitrary code.

Description :

The version of Symantec IM Manager installed on the remote Windows
host is earlier than 8.4.17. The 'ScheduleTask' method exposed by the
'IMAdminSchedTask.asp' page fails to properly sanitize user input to a
POST variable before using it in an 'eval()' call.

If a logged in console user can be tricked into visiting a malicious
link, this issue can be exploited to inject and execute arbitrary ASP
code and compromise the affected application.

See also :

http://www.zerodayinitiative.com/advisories/ZDI-11-037
http://seclists.org/fulldisclosure/2011/Jan/584
http://www.nessus.org/u?9ebaace1
http://www.symantec.com/docs/TECH88765

Solution :

Upgrade to Symantec IM Manager 8.4.17 (build 8.4.1397) or later.

Risk factor :

High / CVSS Base Score : 8.5
(CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C)
CVSS Temporal Score : 7.4
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 52052 ()

Bugtraq ID: 45946

CVE ID: CVE-2010-3719

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now