Stack-Based Buffer Overflow in Symantec Backup Exec for Windows Server
CVE-2007-6016
Currently unrated
Key Information:
- Vendor: Symantec
- CVE Published: 29 February 2008
Summary
The ActiveX control PVATLCalendar.PVCalendar.1 in pvcalendar.ocx, part of the scheduler component of Symantec Backup Exec for Windows Server, is susceptible to multiple stack-based buffer overflow vulnerabilities. Remote attackers can exploit these weaknesses by supplying specially crafted values for various properties, with the overflow occurring when the Save method is executed. The vendor states that authenticated user involvement is required, but this is misleading: no authentication is needed for an attacker to compromise client machines running this control, potentially allowing arbitrary code execution.
EPSS Score
70% chance of being exploited in the next 30 days.
Timeline
Vulnerability published
Vulnerability Reserved