Symantec Alert Management System AMSSendAlertAck Buffer Overflow

Added: 12/01/2011
CVE: CVE-2010-0110
BID: 45936
OSVDB: 72623


The Symantec Alert Management System 2 (AMS2) is used by multiple Symantec products. It includes an Intel Alert Handler service (hndlrsvc.exe). This service handles messages forwarded to it by the Alert Originator Manager (msgsys.exe), which listens on port 38292/TCP.


A stack buffer overflow vulnerability in the AMSLIB.dll module of the Intel Alert Handler service allows a remote attacker to execute arbitrary commands by sending a long, specially crafted string to the Alert Originator Manager.


Apply the patch referenced in SYM11-002.



Exploit works on Symantec System Center on Microsoft Windows Server 2003 SP2 English (DEP OptOut) with KB956802 and KB2393802.


Windows Server 2003

Back to exploit index