Description
Eval injection vulnerability in IMAdminSchedTask.asp in the administrative interface for Symantec IM Manager 8.4.16 and earlier allows remote attackers to execute arbitrary code via unspecified parameters to the ScheduleTask method.
Affected products
- Symantec / im_manager8.4.16
- Symantec / im_manager6.0 – 6.0
- Symantec / im_manager6.5 – 6.5
- Symantec / im_manager7.0 – 7.0
- Symantec / im_manager7.5 – 7.5
- Symantec / im_manager8.3 – 8.3
- Symantec / im_manager8.4.0 – 8.4.0
- Symantec / im_manager8.4.1 – 8.4.1
- Symantec / im_manager8.4.2 – 8.4.2
- Symantec / im_manager8.4.5 – 8.4.5
- Symantec / im_manager8.4.6 – 8.4.6
- Symantec / im_manager8.4.7 – 8.4.7
- Symantec / im_manager8.4.8 – 8.4.8
- Symantec / im_manager8.4.9 – 8.4.9
- Symantec / im_manager8.4.10 – 8.4.10
- Symantec / im_manager8.4.11 – 8.4.11
- Symantec / im_manager8.4.12 – 8.4.12
- Symantec / im_manager8.4.13 – 8.4.13
- Symantec / im_manager8.4.15 – 8.4.15
References
- VENDOR_ADVISORYhttp://www.zerodayinitiative.com/advisories/ZDI-11-037
- MISChttp://www.securityfocus.com/archive/1/516103/100/0/threaded
- MISChttp://www.securityfocus.com/bid/45946
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/65040
- VENDOR_ADVISORYhttp://secunia.com/advisories/43143
- VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2011/0259
- MISChttp://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110131_00
- MISChttp://osvdb.org/70755