Intel Alert Management System (aka AMS or AMS2), as used in Symantec Antivirus Corporate Edition (SAVCE) 10.x before 10.1 MR10, Symantec System Center (SSC) 10.x, and Symantec Quarantine Server 3.5 and 3.6, allows remote attackers to execute arbitrary commands via crafted messages over TCP, as discovered by Junaid Bohio, a different vulnerability than CVE-2010-0110 and CVE-2010-0111. NOTE: some of these details are obtained from third party information.

References

• https://nvd.nist.gov/vuln/detail/CVE-2011-0688
• https://exchange.xforce.ibmcloud.com/vulnerabilities/65071
• http://secunia.com/advisories/43099
• http://securitytracker.com/id?1024996
• http://www.securityfocus.com/bid/45936
• http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110126_00
• http://www.vupen.com/english/advisories/2011/0234