製品・ソフトウェアに関する情報

JVN脆弱性詳細

SAVCE などの製品で使用されている Intel Alert Management System におけるスタックベースのバッファオーバーフローの脆弱性

Title	SAVCE などの製品で使用されている Intel Alert Management System におけるスタックベースのバッファオーバーフローの脆弱性
Summary	Symantec AntiVirus Corporate Edition (SAVCE)、Symantec System Center (SCC) および Symantec Quarantine Server で使用されている Intel Alert Management System には、スタックベースのバッファオーバーフローの脆弱性が存在します。
Possible impacts	第三者により、以下を介して、任意のコードを実行される可能性があります。 (1) Intel Alert Handler サービスの AMSLIB.dll の AMSSendAlertAct 関数に関する msgsys.exe への過度に長い文字列 (2) 過度に長いモデム文字列 (3) Intel Alert Handler サービスの pagehndl.dll に関する msgsys.exe の過度に長いPIN 番号 (4) Intel Alert Originator サービスの iao.exe に関する msgsys.exe へのメッセージ
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Jan. 26, 2011, midnight
Registration Date	March 27, 2012, 6:42 p.m.
Last Update	March 27, 2012, 6:42 p.m.

CVSS2.0 : 危険
Score	7.9
Vector	AV:A/AC:M/Au:N/C:C/I:C/A:C

Affected System

シマンテック

antivirus central quarantine server 3.5 および 3.6

Symantec AntiVirus 10.1 MR10 未満の 10.x

system center 10.x

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2010-0110	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0110
National Vulnerability Database (NVD)
2	CVE-2010-0110	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0110

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-119	https://jvndb.jvn.jp/ja/cwe/CWE-119.html

ベンダー情報

No	Name	URL
Symantec Security Advisory
1	SYM11-002	http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110126_00
シマンテックセキュリティ・アドバイザリー
2	SYM11-002	http://www.symantec.com/ja/jp/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110126_00

Change Log

No	Changed Details	Date of change
0	[2012年03月27日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2010-0110

Summary	Multiple stack-based buffer overflows in Intel Alert Management System (aka AMS or AMS2), as used in Symantec AntiVirus Corporate Edition (SAVCE) 10.x before 10.1 MR10, Symantec System Center (SSC) 10.x, and Symantec Quarantine Server 3.5 and 3.6, allow remote attackers to execute arbitrary code via (1) a long string to msgsys.exe, related to the AMSSendAlertAct function in AMSLIB.dll in the Intel Alert Handler service (aka Symantec Intel Handler service); a long (2) modem string or (3) PIN number to msgsys.exe, related to pagehndl.dll in the Intel Alert Handler service; or (4) a message to msgsys.exe, related to iao.exe in the Intel Alert Originator service.
Publication Date	Feb. 1, 2011, 6 a.m.
Registration Date	Jan. 29, 2021, 10:56 a.m.
Last Update	Nov. 21, 2024, 10:11 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:symantec:antivirus:10.1.6.1::corporate:::::
cpe:2.3:a:symantec:antivirus:10.0.7::corporate:::::
cpe:2.3:a:symantec:antivirus:10.2:mr3:corporate:::::*
cpe:2.3:a:symantec:antivirus:10.2::corporate:::::
cpe:2.3:a:symantec:antivirus:10.1:mr6:corporate:::::*
cpe:2.3:a:symantec:antivirus:10.2:mr2:corporate:::::*
cpe:2.3:a:symantec:antivirus:10.1.6::corporate:::::
cpe:2.3:a:symantec:antivirus:10.0.6::corporate:::::
cpe:2.3:a:symantec:antivirus:10.0:mr2:corporate:::::*
cpe:2.3:a:symantec:antivirus:10.1:mr4:corporate:::::*
cpe:2.3:a:symantec:antivirus:10.1.5::corporate:::::
cpe:2.3:a:symantec:antivirus:10.1::corporate:::::
cpe:2.3:a:symantec:antivirus:10.1.4.1::corporate:::::
cpe:2.3:a:symantec:antivirus:10.0.2::corporate:::::
cpe:2.3:a:symantec:antivirus:10.1:mr7:corporate:::::*
cpe:2.3:a:symantec:antivirus:10.0.1::corporate:::::
cpe:2.3:a:symantec:antivirus:10.0.9::corporate:::::
cpe:2.3:a:symantec:antivirus:10.1.7::corporate:::::
cpe:2.3:a:symantec:antivirus:10.1.8::corporate:::::
cpe:2.3:a:symantec:antivirus:10.0::corporate:::::
cpe:2.3:a:symantec:antivirus:10.0.5::corporate:::::
cpe:2.3:a:symantec:antivirus:10.0.4::corporate:::::
cpe:2.3:a:symantec:antivirus:10.1.0.1::corporate:::::
cpe:2.3:a:symantec:antivirus:10.0.8::corporate:::::
cpe:2.3:a:symantec:antivirus:10.1.9::corporate:::::
cpe:2.3:a:symantec:antivirus:10.0.1.2::corporate:::::
cpe:2.3:a:symantec:antivirus:10.0.2.2::corporate:::::
cpe:2.3:a:symantec:antivirus:10.0:mr1:corporate:::::*
cpe:2.3:a:symantec:antivirus:10.0.3::corporate:::::
cpe:2.3:a:symantec:antivirus:10.1:mp1:corporate:::::*
cpe:2.3:a:symantec:antivirus:10.1.5.1::corporate:::::
cpe:2.3:a:symantec:antivirus:10.1.4::corporate:::::
cpe:2.3:a:symantec:antivirus:10.0.1.1::corporate:::::
cpe:2.3:a:symantec:antivirus:10.0.2.1::corporate:::::
cpe:2.3:a:symantec:antivirus:10.1:mr5:corporate:::::*

Configuration2	or higher	or less	more than	less than
cpe:2.3:a:symantec:system_center:10.0:::::::*
cpe:2.3:a:symantec:system_center:10.1:::::::*

Configuration3	or higher	or less	more than	less than
cpe:2.3:a:symantec:antivirus_central_quarantine_server:3.6:::::::*
cpe:2.3:a:symantec:antivirus_central_quarantine_server:3.5:::::::*

Related information, measures and tools

No	URL	タグ
1	http://secunia.com/advisories/43099	Vendor Advisory
2	http://secunia.com/advisories/43099	Vendor Advisory
3	http://secunia.com/advisories/43106	Vendor Advisory
4	http://secunia.com/advisories/43106	Vendor Advisory
5	http://securitytracker.com/id?1024996
6	http://securitytracker.com/id?1024996
7	http://www.securityfocus.com/bid/45936
8	http://www.securityfocus.com/bid/45936
9	http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110126_00
10	http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110126_00
11	http://www.vupen.com/english/advisories/2011/0234	Vendor Advisory
12	http://www.vupen.com/english/advisories/2011/0234	Vendor Advisory
13	http://www.zerodayinitiative.com/advisories/ZDI-11-028
14	http://www.zerodayinitiative.com/advisories/ZDI-11-028
15	http://www.zerodayinitiative.com/advisories/ZDI-11-030
16	http://www.zerodayinitiative.com/advisories/ZDI-11-030
17	http://www.zerodayinitiative.com/advisories/ZDI-11-031
18	http://www.zerodayinitiative.com/advisories/ZDI-11-031
19	http://www.zerodayinitiative.com/advisories/ZDI-11-032
20	http://www.zerodayinitiative.com/advisories/ZDI-11-032
21	https://exchange.xforce.ibmcloud.com/vulnerabilities/64940
22	https://exchange.xforce.ibmcloud.com/vulnerabilities/64940

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-119	バッファエラー	https://cwe.mitre.org/data/definitions/118.html

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:symantec:antivirus:10.1.6.1::corporate:::::
cpe:2.3:a:symantec:antivirus:10.0.7::corporate:::::
cpe:2.3:a:symantec:antivirus:10.2:mr3:corporate:::::*
cpe:2.3:a:symantec:antivirus:10.2::corporate:::::
cpe:2.3:a:symantec:antivirus:10.1:mr6:corporate:::::*
cpe:2.3:a:symantec:antivirus:10.2:mr2:corporate:::::*
cpe:2.3:a:symantec:antivirus:10.1.6::corporate:::::
cpe:2.3:a:symantec:antivirus:10.0.6::corporate:::::
cpe:2.3:a:symantec:antivirus:10.0:mr2:corporate:::::*
cpe:2.3:a:symantec:antivirus:10.1:mr4:corporate:::::*
cpe:2.3:a:symantec:antivirus:10.1.5::corporate:::::
cpe:2.3:a:symantec:antivirus:10.1::corporate:::::
cpe:2.3:a:symantec:antivirus:10.1.4.1::corporate:::::
cpe:2.3:a:symantec:antivirus:10.0.2::corporate:::::
cpe:2.3:a:symantec:antivirus:10.1:mr7:corporate:::::*
cpe:2.3:a:symantec:antivirus:10.0.1::corporate:::::
cpe:2.3:a:symantec:antivirus:10.0.9::corporate:::::
cpe:2.3:a:symantec:antivirus:10.1.7::corporate:::::
cpe:2.3:a:symantec:antivirus:10.1.8::corporate:::::
cpe:2.3:a:symantec:antivirus:10.0::corporate:::::
cpe:2.3:a:symantec:antivirus:10.0.5::corporate:::::
cpe:2.3:a:symantec:antivirus:10.0.4::corporate:::::
cpe:2.3:a:symantec:antivirus:10.1.0.1::corporate:::::
cpe:2.3:a:symantec:antivirus:10.0.8::corporate:::::
cpe:2.3:a:symantec:antivirus:10.1.9::corporate:::::
cpe:2.3:a:symantec:antivirus:10.0.1.2::corporate:::::
cpe:2.3:a:symantec:antivirus:10.0.2.2::corporate:::::
cpe:2.3:a:symantec:antivirus:10.0:mr1:corporate:::::*
cpe:2.3:a:symantec:antivirus:10.0.3::corporate:::::
cpe:2.3:a:symantec:antivirus:10.1:mp1:corporate:::::*
cpe:2.3:a:symantec:antivirus:10.1.5.1::corporate:::::
cpe:2.3:a:symantec:antivirus:10.1.4::corporate:::::
cpe:2.3:a:symantec:antivirus:10.0.1.1::corporate:::::
cpe:2.3:a:symantec:antivirus:10.0.2.1::corporate:::::
cpe:2.3:a:symantec:antivirus:10.1:mr5:corporate:::::*