Heap-based Buffer Overflow in Symantec Backup Exec
CVE-2007-3509

Currently unrated

Key Information:

Vendor: Symantec
Status: Veritas Backup Exec
Vendor: CVE Published:; 12 July 2007

Summary

The vulnerability is a heap-based buffer overflow found in the RPC (Remote Procedure Call) subsystem of Symantec Backup Exec. Attackers can exploit this flaw by sending specially crafted ncacn_ip_tcp requests, leading to a process exit and potentially enabling arbitrary code execution. This vulnerability affects versions 10.0, 10d, and 11d of the software, potentially exposing systems to remote attackers seeking to compromise system integrity.

References

http://labs.idefense.com/intelligence/vulnerabilities/dis...

third-party-advisoryx_refsource_IDEFENSE

http://www.vupen.com/english/advisories/2007/2505

vdb-entryx_refsource_VUPEN

http://secunia.com/advisories/26032

third-party-advisoryx_refsource_SECUNIA

EPSS Score

26% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jul 12, 2007
Vulnerability Reserved
Jul 2, 2007