CVSS2: 9.3 High
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
CVSS2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS: 0.958 High
Percentile: 99.4%
Added: 03/21/2008
CVE: CVE-2007-6016
BID: 26904
OSVDB: 42358
Symantec Backup Exec for Windows Servers is a backup and recovery solution for Windows servers.
An ActiveX buffer overflow vulnerability in **pvcalendar.ocx** in the scheduler component of Symantec Backup Exec for Windows Servers allows command execution when a user loads a web page which calls the **Save** method with a long **_DOWText0** parameter.
Apply the hotfix.
<http://www.symantec.com/avcenter/security/Content/2008.02.28.html>
<http://secunia.com/secunia_research/2007-101/>
Exploit works on Symantec Backup Exec for Windows Server 11d Build 11.0.7170 and requires a user who has installed the vulnerable ActiveX control to load the exploit page into Internet Explorer.
Windows