APP: Symantec Antivirus Intel Alert Handler Service Denial of Service (2)

This signature detects attempts to exploit a known vulnerability in Symantec's Antivirus Intel Alert Handler service. The vulnerability is due to an input validation error in the handling of the argument passed in AMS requests to the affected service. An attacker can exploit it by sending malicious packets to the target service. A successful attack can terminate the affected service, causing a denial-of-service condition.

Extended Description

Symantec Antivirus is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. Symantec Antivirus Corporate Edition 10.1.4.4010 is vulnerable; other versions may also be affected.

Affected Products

Symantec antivirus_corporate_edition

References

BugTraq: 45368 45935

CVE: CVE-2010-0111

Short Name
APP:SYMC:AV-INTEL-ALERT
Severity
Major
Recommended
False
Recommended Action
Drop
Category
APP
Keywords
(2) Alert Antivirus CVE-2010-0111 CVE-2010-3268 Denial Handler Intel Service Symantec bid:45368 bid:45935 of
Release Date
01/12/2011
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3336
Port
TCP/38292
False Positive
Unknown
Vendors

Symantec

CVSS Score

9.3

5.0
