header-logo
Suggest Exploit
vendor:
Symantec SAVCE
by:
Spider
7.5
CVSS
HIGH
Remote command execution at System level without authentication
CWE
Product Name: Symantec SAVCE
Affected Version From: Symantec SAVCE 10.1.8 and earlier
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested: Windows
2010

Symantec AMS Intel Alert Handler service Design Flaw

POC code to execute commands on system vulnerable to AMS2 design flaw of Intel Alert Handler service (hndlrsvc.exe) within Symantec SAVCE 10.1.8 and earlier

Mitigation:

Upgrade to a patched version of Symantec SAVCE
Source

Exploit-DB raw data: