CVE-2008-5408

Currently unrated

Key Information:

Vendor: Symantec
Status: Backup Exec For Windows Server
Vendor: CVE Published:; 10 December 2008

Summary

Buffer overflow in the data management protocol in Symantec Backup Exec for Windows Servers 11.0 (aka 11d) builds 6235 and 7170, 12.0 build 1364, and 12.5 build 2213 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via unknown vectors. NOTE: this can be exploited by unauthenticated remote attackers by leveraging CVE-2008-5407.

References

http://www.securitytracker.com/id?1021246

vdb-entryx_refsource_SECTRACK

http://seer.entsupport.symantec.com/docs/314528.htm

x_refsource_CONFIRM

http://www.vupen.com/english/advisories/2008/3209

vdb-entryx_refsource_VUPEN

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 10, 2008
Vulnerability Reserved
Dec 8, 2008