Symantec : Security Vulnerabilities, CVEs, Published In 2011
CVE-2010-0111
Public exploit
HDNLRSVC.EXE in the Intel Alert Handler service (aka Symantec Intel Handler service) in Intel Alert Management System (aka AMS or AMS2), as used in Symantec AntiVirus Corporate Edition (SAVCE) 10.x before 10.1 MR10, Symantec System Center (SSC) 10.x, and Symantec Quarantine Server 3.5 and 3.6, allows remote attackers to execute arbitrary programs by sending msgsys.exe a UNC share pathname, which is used directly in a CreateProcessA (aka CreateProcess) call.
Max CVSS
9.3
EPSS Score
32.56%
Published
2011-01-31
Updated
2017-08-17
CVE-2009-3028
Public exploit
The Altiris eXpress NS SC Download ActiveX control in AeXNSPkgDLLib.dll, as used in Symantec Altiris Deployment Solution 6.9.x, Notification Server 6.0.x, and Symantec Management Platform 7.0.x exposes an unsafe method, which allows remote attackers to force the download of arbitrary files and possibly execute arbitrary code via the DownloadAndInstall method.
Max CVSS
6.8
EPSS Score
72.80%
Published
2011-03-07
Updated
2013-02-07
2 vulnerabilities found