Vulnerability Details : CVE-2010-0111
Public exploit exists!
HDNLRSVC.EXE in the Intel Alert Handler service (aka Symantec Intel Handler service) in Intel Alert Management System (aka AMS or AMS2), as used in Symantec AntiVirus Corporate Edition (SAVCE) 10.x before 10.1 MR10, Symantec System Center (SSC) 10.x, and Symantec Quarantine Server 3.5 and 3.6, allows remote attackers to execute arbitrary programs by sending msgsys.exe a UNC share pathname, which is used directly in a CreateProcessA (aka CreateProcess) call.
Vulnerability category: Input validation
Exploit prediction scoring system (EPSS) score for CVE-2010-0111
Probability of exploitation activity in the next 30 days: 32.56%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 97 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2010-0111
-
Symantec System Center Alert Management System (hndlrsvc.exe) Arbitrary Command Execution
Disclosure Date: 2010-07-26First seen: 2020-04-26exploit/windows/antivirus/ams_hndlrsvcSymantec System Center Alert Management System is prone to a remote command-injection vulnerability because the application fails to properly sanitize user-supplied input. This is part of Symantec AntiVirus Corporate Edition 8.0 - 10.1.7. Authors: - MC <m
CVSS scores for CVE-2010-0111
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
CWE ids for CVE-2010-0111
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-0111
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/64942
Multiple Symantec products Intel AMS2 component code execution CVE-2010-0111 Vulnerability Report
-
http://www.vupen.com/english/advisories/2011/0234
Webmail | OVH- OVHVendor Advisory
-
http://securitytracker.com/id?1024997
Symantec Antivirus Corporate Edition Intel AMS Service Lets Remote Users Deny Service and Execute Programs - SecurityTracker
-
http://www.zerodayinitiative.com/advisories/ZDI-11-029
ZDI-11-029 | Zero Day Initiative
-
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110126_01
Multiple Symantec Intel Alert Management System Arbitrary Message Creation or Denial of Service
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/64943
Multiple Symantec products Intel AMS2 component denial of service CVE-2010-0111 Vulnerability Report
-
http://www.securityfocus.com/bid/45935
Symantec Intel Alert Management System Message Handling Multiple Code Execution Vulnerabilities
Products affected by CVE-2010-0111
- cpe:2.3:a:symantec:antivirus:10.0.1:*:corporate:*:*:*:*:*
- cpe:2.3:a:symantec:antivirus:10.0.2:*:corporate:*:*:*:*:*
- cpe:2.3:a:symantec:antivirus:10.0.9:*:corporate:*:*:*:*:*
- cpe:2.3:a:symantec:antivirus:10.0.2.1:*:corporate:*:*:*:*:*
- cpe:2.3:a:symantec:antivirus:10.0.5:*:corporate:*:*:*:*:*
- cpe:2.3:a:symantec:antivirus:10.0.6:*:corporate:*:*:*:*:*
- cpe:2.3:a:symantec:antivirus:10.0:*:corporate:*:*:*:*:*
- cpe:2.3:a:symantec:antivirus:10.0.7:*:corporate:*:*:*:*:*
- cpe:2.3:a:symantec:antivirus:10.0.8:*:corporate:*:*:*:*:*
- cpe:2.3:a:symantec:antivirus:10.0.3:*:corporate:*:*:*:*:*
- cpe:2.3:a:symantec:antivirus:10.0.4:*:corporate:*:*:*:*:*
- cpe:2.3:a:symantec:antivirus:10.0.2.2:*:corporate:*:*:*:*:*
- cpe:2.3:a:symantec:antivirus:10.0.1.1:*:corporate:*:*:*:*:*
- cpe:2.3:a:symantec:antivirus:10.0:mr1:corporate:*:*:*:*:*
- cpe:2.3:a:symantec:antivirus:10.2:mr2:corporate:*:*:*:*:*
- cpe:2.3:a:symantec:antivirus:10.2:*:corporate:*:*:*:*:*
- cpe:2.3:a:symantec:antivirus:10.1:mr4:corporate:*:*:*:*:*
- cpe:2.3:a:symantec:antivirus:10.1:mr5:corporate:*:*:*:*:*
- cpe:2.3:a:symantec:antivirus:10.1:mr6:corporate:*:*:*:*:*
- cpe:2.3:a:symantec:antivirus:10.1:mr7:corporate:*:*:*:*:*
- cpe:2.3:a:symantec:antivirus:10.1:*:corporate:*:*:*:*:*
- cpe:2.3:a:symantec:antivirus:10.0:mr2:corporate:*:*:*:*:*
- cpe:2.3:a:symantec:antivirus:10.1:mp1:corporate:*:*:*:*:*
- cpe:2.3:a:symantec:antivirus:10.1.5.1:*:corporate:*:*:*:*:*
- cpe:2.3:a:symantec:antivirus:10.1.5:*:corporate:*:*:*:*:*
- cpe:2.3:a:symantec:antivirus:10.1.6.1:*:corporate:*:*:*:*:*
- cpe:2.3:a:symantec:antivirus:10.1.6:*:corporate:*:*:*:*:*
- cpe:2.3:a:symantec:antivirus:10.2:mr3:corporate:*:*:*:*:*
- cpe:2.3:a:symantec:antivirus:10.1.4.1:*:corporate:*:*:*:*:*
- cpe:2.3:a:symantec:antivirus:10.1.4:*:corporate:*:*:*:*:*
- cpe:2.3:a:symantec:antivirus:10.1.0.1:*:corporate:*:*:*:*:*
- cpe:2.3:a:symantec:antivirus:10.1.7:*:corporate:*:*:*:*:*
- cpe:2.3:a:symantec:antivirus:10.1.8:*:corporate:*:*:*:*:*
- cpe:2.3:a:symantec:antivirus:10.1.9:*:corporate:*:*:*:*:*
- cpe:2.3:a:symantec:antivirus:10.0.1.2:*:corporate:*:*:*:*:*
- cpe:2.3:a:symantec:system_center:10.0:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:system_center:10.1:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:antivirus_central_quarantine_server:3.5:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:antivirus_central_quarantine_server:3.6:*:*:*:*:*:*:*