Symantec Backup Exec for Windows Servers scheduler ActiveX buffer overflow

2008-03-21T00:00:00
ID SAINT:D0D476D2D12191709A767E7327E24D2A
Type saint
Reporter SAINT Corporation
Modified 2008-03-21T00:00:00

Description

Added: 03/21/2008
CVE: CVE-2007-6016
BID: 26904
OSVDB: 42358

Background

Symantec Backup Exec for Windows Servers is a backup and recovery solution for Windows servers.

Problem

An ActiveX buffer overflow vulnerability in **pvcalendar.ocx** in the scheduler component of Symantec Backup Exec for Windows Servers allows command execution when a user loads a web page which calls the **Save** method with a long **_DOWText0** parameter.

Resolution

Apply the hotfix.
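As an added example, not part of the SAINT entry or Symantec's hotfix: a PowerShell check that finds any registered copy of pvcalendar.ocx (the control named under Problem), reports its file version, and shows whether Internet Explorer's kill bit is set for its CLSID. The registry locations are the standard COM and IE ActiveX Compatibility keys; the CLSID is discovered at run time rather than assumed.

```powershell
# Added example (not from the advisory): inventory registered copies of the
# scheduler control and report kill-bit status. Run on the host being checked.
$target = 'pvcalendar.ocx'
$clsidRoots = @('Registry::HKEY_CLASSES_ROOT\CLSID',
                'Registry::HKEY_CLASSES_ROOT\Wow6432Node\CLSID')   # 32-bit control on x64
$compatRoots = @('HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
                 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility')

$found = @()
foreach ($root in $clsidRoots) {
    foreach ($key in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
        $inproc = Get-ItemProperty -Path "$($key.PSPath)\InprocServer32" -ErrorAction SilentlyContinue
        if ($null -eq $inproc) { continue }
        $server = $inproc.'(default)'
        if (-not $server -or ($server -notlike "*$target")) { continue }

        $clsid = $key.PSChildName
        # Kill bit: bit 0x400 of "Compatibility Flags" under the ActiveX Compatibility key
        # tells IE never to instantiate the control, regardless of which page asks for it.
        $flags = 0
        foreach ($c in $compatRoots) {
            $entry = Get-ItemProperty -Path "$c\$clsid" -ErrorAction SilentlyContinue
            if ($entry -and $null -ne $entry.'Compatibility Flags') {
                $flags = $flags -bor [int]$entry.'Compatibility Flags'
            }
        }
        $file = Get-Item -LiteralPath $server -ErrorAction SilentlyContinue
        $found += [pscustomobject]@{
            CLSID       = $clsid
            Path        = $server
            FileVersion = if ($file) { $file.VersionInfo.FileVersion } else { '(file missing)' }
            KillBitSet  = (($flags -band 0x400) -ne 0)
        }
    }
}

if ($found.Count -eq 0) {
    Write-Output "$target is not registered on this host."
} else {
    # A registered, pre-hotfix copy with KillBitSet = False is the exposure described above.
    $found | Format-Table -AutoSize
}
```

Compare the reported FileVersion against the version shipped by the hotfix before treating a host as remediated; a control that is present but has the kill bit set cannot be loaded by Internet Explorer even if the file itself is unpatched.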

References

<http://www.symantec.com/avcenter/security/Content/2008.02.28.html>
<http://secunia.com/secunia_research/2007-101/>

Limitations

The exploit works on Symantec Backup Exec for Windows Server 11d Build 11.0.7170 and requires a user who has installed the vulnerable ActiveX control to load the exploit page in Internet Explorer.

Platforms

Windows