Release date:
Updated on:
Affected Systems:
Symantec IM Manager 8.x
Unaffected system:
Symantec IM Manager 8.4.18
Description:
--------------------------------------------------------------------------------
Bugtraq ID: 49742
CVE ID: CVE-2011-0554
Symantec IM Manager provides certification support for public and enterprise IM networks and seamlessly manages enterprise instant messaging. It also implements security assurance, logging and archiving, including fine-grained policy enforcement and security control for file, audio and video, VoIP, application sharing and other real-time communication functions. IM Manager can eliminate potential risks in enterprise instant messaging.
Symantec IM Manager has a code injection vulnerability in the way it filters and verifies external data. Remote attackers can exploit this vulnerability to execute arbitrary code in affected applications.
<* Source: Andrea Micalizzi
Link: http://www.symantec.com/business/security_response/securityupdates/detail.jsp? Fid = security_advisory &
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Symantec
--------
Symantec has released a security bulletin (20110929_00) and corresponding patches that address this issue:
20110929_00: Security Advisories Relating to Symantec Products - Symantec IM Manager Administrator Console Multiple Issues
Link: http://www.symantec.com/business/security_response/securityupdates/detail.jsp? Fid = security_advisory &