Detections
Analytics
Symantec Alert Management System 2 RCE (SYM09-007)
critical Nessus Plugin ID 44959
Language:
Synopsis
The remote Windows host has a service that is affected by a remote code execution vulnerability.Description
Alert Management System 2 (AMS2), an optional component included with multiple Symantec products, is installed on the remote Windows host.Versions prior to build 150 are affected by multiple stack-based buffer overflow conditions. A remote attacker can exploit these issues to crash the service or execute arbitrary code as SYSTEM.
Solution
Apply the relevant upgrade referenced in the Symantec advisory.See Also
https://www.zerodayinitiative.com/advisories/ZDI-09-018/
https://www.securityfocus.com/archive/1/archive/1/503080/100/0/threaded
Plugin Details
Severity: Critical
ID: 44959
File Name: symantec_ams2_multiple_overflows.nasl
Version: 1.14
Type: local
Agent: windows
Family: Windows
Published: 3/2/2010
Updated: 11/15/2018
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: High
Score: 7.4
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 8.3
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Temporal Score: 9.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:symantec:system_center, cpe:/a:symantec:antivirus, cpe:/a:symantec:antivirus_central_quarantine_server, cpe:/a:symantec:client_security, cpe:/a:symantec:endpoint_protection
Required KB Items: SMB/Registry/Enumerated, SMB/svcs
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 4/28/2009
Vulnerability Publication Date: 4/28/2009
Exploitable With
CANVAS (CANVAS)
Core Impact
Metasploit (Symantec Alert Management System Intel Alert Originator Service Buffer Overflow)
Reference Information
CVE: CVE-2009-1430