CVE-2008-0638

Currently unrated

Key Information:

Vendor: Symantec
Status: Veritas Storage Foundation
Vendor: CVE Published:; 21 February 2008

Summary

Heap-based buffer overflow in the Veritas Enterprise Administrator (VEA) service (aka vxsvc.exe) in Symantec Veritas Storage Foundation 5.0 allows remote attackers to execute arbitrary code via a packet with a crafted value of a certain size field, which is not checked for consistency with the actual buffer size.

References

http://www.symantec.com/avcenter/security/Content/2008.02...

x_refsource_CONFIRM

http://securitytracker.com/id?1019459

vdb-entryx_refsource_SECTRACK

http://secunia.com/advisories/29050

third-party-advisoryx_refsource_SECUNIA

EPSS Score

88% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Feb 21, 2008
Vulnerability Reserved
Feb 6, 2008