Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple stack-based buffer overflows in IAO.EXE in the Intel Alert Originator Service in Symantec Alert Management System 2 (AMS2), as used in Symantec System Center (SSS); Symantec AntiVirus Server; Symantec AntiVirus Central Quarantine Server; Symantec AntiVirus (SAV) Corporate Edition 9 before 9.0 MR7, 10.0 and 10.1 before 10.1 MR8, and 10.2 before 10.2 MR2; Symantec Client Security (SCS) 2 before 2.0 MR7 and 3 before 3.1 MR8; and Symantec Endpoint Protection (SEP) before 11.0 MR3, allow remote attackers to execute arbitrary code via (1) a crafted packet or (2) data that ostensibly arrives from the MsgSys.exe process.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Symantec杀毒软件 Intel Alert Originator服务栈溢出漏洞
Vulnerability Description
Symantec AntiVirus是非常流行的杀毒解决方案。 Symantec杀毒软件中的Intel Alert Originator服务(IAO.EXE)没有正确地验证通过memcpy()调用发送给栈缓冲区的数据。如果远程攻击者向默认监听的TCP 38292端口发送了畸形报文的话,就可以触发栈溢出,导致以SYSTEM权限执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A