CVE-2010-3268

Published: Dec 22, 2010Modified: Apr 29, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The GetStringAMSHandler function in prgxhndl.dll in hndlrsvc.exe in the Intel Alert Handler service (aka Symantec Intel Handler service) in Intel Alert Management System (AMS), as used in Symantec Antivirus Corporate Edition 10.1.4.4010 on Windows 2000 SP4 and Symantec Endpoint Protection before 11.x, does not properly validate the CommandLine field of an AMS request, which allows remote attackers to cause a denial of service (application crash) via a crafted request.

Affected (19)

Products: Intel: Intel Alert Management System · Symantec: Antivirus, Endpoint Protection

Intel

1 product

Intel Alert Management System

Symantec

2 products

Antivirus

Endpoint Protection

Configuration A

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Intel Intel Alert Management System	All versions
Symantec Antivirus	Version 10.1.4.4010

Running on/with	Platform Versions
Microsoft Windows 2000	All versions

Configuration B

17 vulnerable

Vulnerable Software	Affected Versions
Symantec Endpoint Protection	Version 11.0.1
Symantec Endpoint Protection	Version 11.0.1 mp1
Symantec Endpoint Protection	Version 11.0.1 mp2
Symantec Endpoint Protection	Version 11.0.2
Symantec Endpoint Protection	Version 11.0.2 mp1
Symantec Endpoint Protection	Version 11.0.2 mp2
Symantec Endpoint Protection	Version 11.0.3001
Symantec Endpoint Protection	Version 11.0.4
Symantec Endpoint Protection	Version 11.0.4 mp1a
Symantec Endpoint Protection	Version 11.0.4 mp2
Symantec Endpoint Protection	Version 11.0
Symantec Endpoint Protection	Version 11.0 rtm
Symantec Endpoint Protection	Version 11.0 ru5
Symantec Endpoint Protection	Version 11.0 ru6
Symantec Endpoint Protection	Version 11.0 ru6a
Symantec Endpoint Protection	Version 11.0 ru6mp1
Symantec Endpoint Protection	Version 11.0 ru6mp2