CVE-2010-0110

CWE-119 — Buffer Overflow4 documents4 sources

Severity

7.9HIGH

EPSS

33.3%

top 3.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Symantec Antivirus Symantec Antivirus Central Quarantine Server Symantec System Center

Timeline

PublishedJan 31

Latest updateMay 2

Description

Multiple stack-based buffer overflows in Intel Alert Management System (aka AMS or AMS2), as used in Symantec AntiVirus Corporate Edition (SAVCE) 10.x before 10.1 MR10, Symantec System Center (SSC) 10.x, and Symantec Quarantine Server 3.5 and 3.6, allow remote attackers to execute arbitrary code via (1) a long string to msgsys.exe, related to the AMSSendAlertAct function in AMSLIB.dll in the Intel Alert Handler service (aka Symantec Intel Handler service); a long (2) modem string or (3) PIN numb…

CVSS vector

AV:A/AC:M/C:C/I:C/A:CExploitability: 5.5 | Impact: 10.0

Affected Packages3 packages

▶NVDsymantec/system_center10.0, 10.1+1

▶NVDsymantec/antivirus_central_quarantine_server3.5, 3.6+1

▶NVDsymantec/antivirus26 versions+25

🔴Vulnerability Details

GHSA

GHSA-vmxg-px44-w6m2: Multiple stack-based buffer overflows in Intel Alert Management System (aka AMS or AMS2), as used in Symantec AntiVirus Corporate Edition (SAVCE) 10↗2022-05-02

▶

CVEList

CVE-2010-0110: Multiple stack-based buffer overflows in Intel Alert Management System (aka AMS or AMS2), as used in Symantec AntiVirus Corporate Edition (SAVCE) 10↗2011-01-31

▶

💥Exploits & PoCs

Exploit-DB

VMware Tools - Update OS Command Injection↗2010-12-09

▶