iDefense Security Advisory 04.29.09 – Remote exploitation of a design error vulnerability in Symantec Corp.’s Symantec System Center may allow an attacker to execute arbitrary code with SYSTEM privileges. The vulnerability exists within the ‘Intel File Transfer’ service, which runs the xfr.exe application. When sent a properly formatted request, this service will extract a string from the request, and use it as the path of a program to execute as a new Process. The process will be started with SYSTEM privileges. iDefense has confirmed the existence of this vulnerability in Symantec Client Security version 3.1. Previous versions may also be affected.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/77124/04.29.09-1.txt
Source: https://packetstormsecurity.com/files/77124/iDEFENSE-Security-Advisory-2009-04-29.1.html