[VIM] [Full-disclosure] ZDI-11-032: Symantec Intel Alert Originator Service iao.exe Remote Code Execution Vulnerability

security curmudgeon jericho at attrition.org
Fri May 20 22:28:00 CDT 2011


http://www.zerodayinitiative.com/advisories/ZDI-11-028
http://www.zerodayinitiative.com/advisories/ZDI-11-029
http://www.zerodayinitiative.com/advisories/ZDI-11-030
http://www.zerodayinitiative.com/advisories/ZDI-11-031
http://www.zerodayinitiative.com/advisories/ZDI-11-032

All of these advisories have the wrong CVE. Could you clarify which CVE is 
associated with each advisory?

Brian
OSVDB.org

On Thu, 27 Jan 2011, ZDI Disclosures wrote:

: ZDI-11-032: Symantec Intel Alert Originator Service iao.exe Remote Code Execution Vulnerability
: 
: http://www.zerodayinitiative.com/advisories/ZDI-11-032
: 
: January 27, 2011
: 
: -- CVE ID:
: CVE-2010-111
: 
: -- CVSS:
: 10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)
: 
: -- Affected Vendors:
: Symantec
: 
: -- Affected Products:
: Symantec Alert Management System
: 
: -- TippingPoint(TM) IPS Customer Protection:
: TippingPoint IPS customers have been protected against this
: vulnerability by Digital Vaccine protection filter ID 5959.
: For further product information on the TippingPoint IPS, visit:
: 
:     http://www.tippingpoint.com
: 
: -- Vulnerability Details:
: This vulnerability allows remote attackers to execute arbitrary code on
: vulnerable installations of multiple Symantec products. Authentication
: is not required to exploit this vulnerability.
: 
: The specific flaw exists within the Intel Alert Originator (iao.exe)
: service. While processing messages sent from the msgsys.exe process a
: size check can be bypassed and a subsequent stack-based buffer overflow
: can be triggered. This can be leveraged by remote attackers to execute
: arbitrary code under the context of the Alert service.
: 
: -- Vendor Response:
: Symantec has issued an update to correct this vulnerability. More
: details can be found at:
: 
: http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110126_00
: 
: -- Disclosure Timeline:
: 2009-10-27 - Vulnerability reported to vendor
: 2011-01-27 - Coordinated public release of advisory
: 
: -- Credit:
: This vulnerability was discovered by:
:     * Anonymous
: 
: -- About the Zero Day Initiative (ZDI):
: Established by TippingPoint, The Zero Day Initiative (ZDI) represents
: a best-of-breed model for rewarding security researchers for responsibly
: disclosing discovered vulnerabilities.
: 
: Researchers interested in getting paid for their security research
: through the ZDI can find more information and sign up at:
: 
:     http://www.zerodayinitiative.com
: 
: The ZDI is unique in how the acquired vulnerability information is
: used. TippingPoint does not re-sell the vulnerability details or any
: exploit code. Instead, upon notifying the affected product vendor,
: TippingPoint provides its customers with zero day protection through
: its intrusion prevention technology. Explicit details regarding the
: specifics of the vulnerability are not exposed to any parties until
: an official vendor patch is publicly available. Furthermore, with the
: altruistic aim of helping to secure a broader user base, TippingPoint
: provides this vulnerability information confidentially to security
: vendors (including competitors) who have a vulnerability protection or
: mitigation product.
: 
: Our vulnerability disclosure policy is available online at:
: 
:     http://www.zerodayinitiative.com/advisories/disclosure_policy/
: 
: Follow the ZDI on Twitter:
: 
:     http://twitter.com/thezdi
: 
: 
: 

