Some vulnerabilities have been reported in various Symantec products, which can be exploited by malicious, local users to potentially gain escalated privileges and by malicious people to compromise a vulnerable system.

1) An unspecified error in the Intel LANDesk Common Base Agent (CBA) can be exploited to pass packet content as an argument to "CreateProcessA()". This can be exploited to execute arbitrary commands with SYSTEM privileges by sending a specially crafted packet to TCP port 12174.

2) A boundary error in the Intel Alert Originator service (iao.exe) can be exploited to cause a stack-based buffer overflow by sending a specially crafted packet to TCP port 38292.

Successful exploitation allows execution of arbitrary code with SYSTEM privileges.

3) A boundary error exists in the Intel Alert Originator Service (iao.exe) when processing input from the MsgSys.exe process, which can be exploited to cause a stack-based buffer overflow.

Successful exploitation allows execution of arbitrary code with SYSTEM privileges.

4) A design error exists in the Intel File Transfer service (XFR.EXE) when processing program paths within requests sent to port 12174/TCP. This can be exploited to execute arbitrary code with SYSTEM privileges on a vulnerable system if the attacker is able to establish a TCP session with a vulnerable host.

The vulnerabilities affect the following products and versions:
* Symantec AntiVirus Corporate Edition 9.0 MR6 and prior, 10.0 (all versions), 10.1 MR7 and prior, and 10.2 MR1 and prior.
* Symantec Client Security 2.0 MR6 and prior, 3.0 (all versions), and 3.1 MR7 and prior.
* Symantec Endpoint Protection 11.0 MR2 and prior.

Solution
Update to the latest versions.
Further details available in Customer Area

Provided and/or discovered by
1) The vendor credits Tenable Network Security, working with the ZDI.
2) Sebastian Apelt, reported via ZDI.
3) The vendor credits Sebastian Apelt, working with the ZDI.
4) An anonymous person, reported via iDefense.

Changelog
Further details available in Customer Area

Original Advisory
SYM09-007:
http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_02

ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-09-018/

iDefense:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=786

Deep Links
Links available in Customer Area