SAINT Corporation
SAINT:B32A6AF28571F380A322A59794E4437D
Mar 21, 2008 - 12:00 a.m.

Symantec Backup Exec for Windows Servers scheduler ActiveX buffer overflow

2008-03-21 00:00:00
SAINT Corporation
download.saintcorporation.com
9

9.3 High

CVSS2

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

0.958 High

EPSS

Percentile: 99.4%

Added: 03/21/2008
CVE: CVE-2007-6016
BID: 26904
OSVDB: 42358

Background

Symantec Backup Exec for Windows Servers is a backup and recovery solution for Windows servers.

Problem

A buffer overflow in **pvcalendar.ocx**, the ActiveX control installed by the scheduler component of Symantec Backup Exec for Windows Servers, allows arbitrary code execution in the context of the browsing user when that user loads a web page which calls the control's **Save** method with an overlong **_DOWText0** parameter.

Resolution

Apply the hotfix from Symantec (see References). Until it is applied, setting the Internet Explorer kill bit for the control's CLSID prevents the control from being instantiated from a web page.

References

<http://www.symantec.com/avcenter/security/Content/2008.02.28.html>
<http://secunia.com/secunia_research/2007-101/>

Limitations

Exploit works on Symantec Backup Exec for Windows Servers 11d Build 11.0.7170 and requires a user who has installed the vulnerable ActiveX control to load the exploit page into Internet Explorer.
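The two practical questions behind the Resolution and Limitations sections are whether pvcalendar.ocx is registered on a given workstation at all, and whether Internet Explorer is already prevented from loading it. The script below is an added example, not SAINT's or Symantec's code: it walks the COM class registrations to find every CLSID whose in-process server is pvcalendar.ocx (so no CLSID has to be assumed), reports whether the IE kill bit (Compatibility Flags 0x400 under the ActiveX Compatibility key) is set for each, and sets it when run with -SetKillBit. It assumes the control registers as an ordinary in-process server under HKCR\CLSID, with 32-bit registrations on 64-bit Windows appearing under HKCR\WOW6432Node\CLSID.

```powershell
# Added example (not SAINT's or Symantec's code): locate the COM class(es)
# registered by pvcalendar.ocx, report the IE kill-bit state for each, and
# optionally set the kill bit. Run from an elevated PowerShell on the host
# where the Backup Exec scheduler control was installed.
param([switch]$SetKillBit)

$OcxName = 'pvcalendar.ocx'
$KillBit = 0x400   # Compatibility Flags bit that stops IE from loading a control

# Class registration roots to search, and the matching IE ActiveX Compatibility
# roots (native view plus the 32-bit view used by 32-bit IE on 64-bit Windows).
$ClsidRoots = @(
    'Registry::HKEY_CLASSES_ROOT\CLSID',
    'Registry::HKEY_CLASSES_ROOT\WOW6432Node\CLSID'
)
$CompatRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Find-ControlClsid {
    # Emit one object per CLSID whose InprocServer32 default value names $FileName.
    param([string]$FileName)
    foreach ($root in $ClsidRoots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($clsKey in (Get-ChildItem -Path $root -ErrorAction SilentlyContinue)) {
            $srv = Get-Item -Path "$($clsKey.PSPath)\InprocServer32" -ErrorAction SilentlyContinue
            if ($null -eq $srv) { continue }
            # Default value is the OCX path; strip surrounding quotes some installers write.
            $server = ([string]$srv.GetValue('')).Trim('"')
            if ($server -and $server.EndsWith($FileName, [System.StringComparison]::OrdinalIgnoreCase)) {
                [pscustomobject]@{ Clsid = $clsKey.PSChildName; Server = $server; Root = $root }
            }
        }
    }
}

function Get-KillBitState {
    # $true when Compatibility Flags has the kill bit under any compatibility root.
    param([string]$Clsid)
    foreach ($root in $CompatRoots) {
        $key = Get-Item -Path "$root\$Clsid" -ErrorAction SilentlyContinue
        if ($null -eq $key) { continue }
        $flags = $key.GetValue('Compatibility Flags')
        if (($null -ne $flags) -and (([int]$flags -band $KillBit) -ne 0)) { return $true }
    }
    return $false
}

function Set-ControlKillBit {
    # OR the kill bit into Compatibility Flags under every compatibility root present,
    # preserving any other flags already set for the class.
    param([string]$Clsid)
    foreach ($root in $CompatRoots) {
        if (-not (Test-Path $root)) { continue }   # no Wow6432Node view on 32-bit hosts
        $path = "$root\$Clsid"
        if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
        $current = (Get-Item $path).GetValue('Compatibility Flags')
        if ($null -eq $current) { $current = 0 }
        Set-ItemProperty -Path $path -Name 'Compatibility Flags' -Value ([int]$current -bor $KillBit) -Type DWord
    }
}

$controls = @(Find-ControlClsid -FileName $OcxName)
if ($controls.Count -eq 0) {
    Write-Output "$OcxName is not registered on this host; Internet Explorer cannot instantiate the control."
    return
}
foreach ($c in $controls) {
    $killed = Get-KillBitState -Clsid $c.Clsid
    Write-Output ('{0}  {1}  kill bit set: {2}' -f $c.Clsid, $c.Server, $killed)
    if ($SetKillBit -and -not $killed) {
        Set-ControlKillBit -Clsid $c.Clsid
        Write-Output "  kill bit set for $($c.Clsid)"
    }
}
```

The kill bit only stops Internet Explorer, and other hosts that honour the ActiveX Compatibility flags, from loading the control from a web page; it does not change the control itself, so the Symantec hotfix is still the fix. Run the script once without -SetKillBit to confirm which CLSIDs it found before applying the mitigation, and keep the 32-bit registry view in mind: a 32-bit control on 64-bit Windows is governed by the Wow6432Node compatibility key, which is why both roots are handled.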

Platforms

Windows
