Symantec Alert Management System Intel Alert Originator Service msgsys.exe buffer overflow

Added: 05/05/2009
CVE: CVE-2009-1430
BID: 34674
OSVDB: 54159

Background

The Symantec Alert Management System 2 (AMS2) is used by multiple Symantec products. The Intel Alert Originator (IAO) service is a component of AMS2. The msgsys.exe process is a preprocessor for the IAO service and listens on TCP port 38292.

Problem

A buffer overflow vulnerability in the msgsys.exe process allows remote attackers to execute arbitrary commands by sending it a long, specially crafted request.

Resolution

Apply one of the solutions shown in SYM09-007.

References

http://www.zerodayinitiative.com/advisories/ZDI-09-018/

Limitations

Exploit works on Symantec Alert Management System Intel Alert Originator Service 6.12.0.130E.

Platforms

Windows 2000
Windows Server 2003

Back to exploit index