CVE-2009-1431

29.04.2009, 15:30

XFR.EXE in the Intel File Transfer service in the console in Symantec Alert Management System 2 (AMS2), as used in Symantec System Center (SSS); Symantec AntiVirus Server; Symantec AntiVirus Central Quarantine Server; Symantec AntiVirus (SAV) Corporate Edition 9 before 9.0 MR7, 10.0 and 10.1 before 10.1 MR8, and 10.2 before 10.2 MR2; Symantec Client Security (SCS) 2 before 2.0 MR7 and 3 before 3.1 MR8; and Symantec Endpoint Protection (SEP) before 11.0 MR3, allows remote attackers to execute arbitrary code by placing the code on a (1) share or (2) WebDAV server, and then sending the UNC share pathname to this service.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Vector
NIST	NIST	9.3 UNKNOWN	NETWORK	MEDIUM	AV:N/AC:M/Au:N/C:C/I:C/A:C
mitre	CNA	---			---
CVE	ADP	---			---

Base Score

CVSS 3.x

EPSS Score

Percentile: 96%

Vendor	Product	Version
symantec	antivirus	𝑥 ≤ 9.0
symantec	antivirus	10 ≤ 𝑥 ≤ 10.2
symantec	antivirus	-
symantec	antivirus_central_quarantine_server	*
symantec	client_security	𝑥 ≤ 2.0
symantec	client_security	3.0 ≤ 𝑥 ≤ 3.1
symantec	endpoint_protection	𝑥 ≤ 11.0
symantec	system_center	*