| Name | Symantec.Intel.Alert.Originator.Service.Buffer.Overflow |
| Last Updated Date | Nov 04, 2009 |
| Release Date | Jun 23, 2009 |
| Severity | Critical |
| Impact | System Compromise |
| Description | This indicates an attack attempt against a buffer-overflow vulnerability in Symantec Alert Originator Service component shipped with Symantec Client Security software.
The vulnerability is caused by an error when the vulnerable software handles a specially crafted packet. It allows a remote attacker to execute arbitrary code. |
| Affected Products | Symantec AntiVirus Corporate Edition version 9.0 MR6 and prior
Symantec AntiVirus Corporate Edition version 10.0 (all versions)
Symantec AntiVirus Corporate Edition version 10.1 MR7 and prior
Symantec AntiVirus Corporate Edition version 10.2 MR1 and prior |
| Recommended Actions | Apply the patch supplied by the vendor:
http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_02 |
| Common Vulnerabilities and Exposures (CVE) | http://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-1430
|
| Reference/s | http://www.securityfocus.com/bid/34672 (BugTraq)
http://www.securityfocus.com/bid/34674 (BugTraq)
http://www.vupen.com/english/advisories/2009/1204 (FrSIRT)
|