Strike ID:
E09-43q01
CVSS:
9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
False Positive:
t
Variants:
1
Year:
2009

Description

This strike exploits a Stack Buffer overflow vulnerability in Symantecs Alert Management System 2 IAO Service. The vulnerability is due to a boundary error in the IAO service when processing Bind Remove messages passed by msgsys.exe. The service copies message parameters into a stack buffer of 0x400, without validating its size. Data supplied with a larger value will overflow this buffer.

CVE

BID