Code Execution Vulnerability in Symantec Reporting Server by Symantec
CVE-2007-3021

Currently unrated

Key Information:

Vendor: Symantec
Status: Norton Antivirus; Client Security; Reporting Server
Vendor: CVE Published:; 5 June 2007

Summary

The Symantec Reporting Server prior to version 1.0.224.0 contains a vulnerability due to the failure to initialize a critical variable. This security flaw can be exploited by attackers to create arbitrary executable files through specific manipulations during data export processes, potentially leading to unauthorized actions on the affected systems. It's crucial for users to update to the latest version to mitigate this risk.

References

http://www.symantec.com/avcenter/security/Content/2007.06...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/24313

vdb-entryx_refsource_BID

http://osvdb.org/36109

vdb-entryx_refsource_OSVDB

Timeline

Vulnerability published
Jun 5, 2007
Vulnerability Reserved
Jun 4, 2007