Symantec IM Manager IMAdminSchedTask.asp Eval Code Injection Remote Code Execution (SYM11-004)

high Nessus Plugin ID 52052

Synopsis

A web application on the remote Windows host can be abused to execute arbitrary code.

Description

The version of Symantec IM Manager installed on the remote Windows host is earlier than 8.4.17. The 'ScheduleTask' method exposed by the 'IMAdminSchedTask.asp' page fails to properly sanitize user input to a POST variable before using it in an 'eval()' call.

If a logged in console user can be tricked into visiting a malicious link, this issue can be exploited to inject and execute arbitrary ASP code and compromise the affected application.

Solution

Upgrade to Symantec IM Manager 8.4.17 (build 8.4.1397) or later.

See Also

https://www.zerodayinitiative.com/advisories/ZDI-11-037/

https://seclists.org/fulldisclosure/2011/Jan/584

http://www.nessus.org/u?97c57d06

https://support.symantec.com/en_US/article.TECH88765.html

Plugin Details

Severity: High

ID: 52052

File Name: symantec_im_mgr_8_4_17.nasl

Version: 1.9

Type: local

Agent: windows

Family: Windows

Published: 2/22/2011

Updated: 11/15/2018

Supported Sensors: Nessus Agent

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 8.5

Temporal Score: 7

Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C

Temporal Vector: E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:symantec:im_manager

Required KB Items: SMB/Symantec/im_mgr/Build

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/31/2011

Vulnerability Publication Date: 1/31/2011

Exploitable With

Core Impact

Reference Information

CVE: CVE-2010-3719

BID: 45946