Symantec Backup Exec for Windows Servers scheduler ActiveX buffer overflow

Added: 03/21/2008
CVE: CVE-2007-6016
BID: 26904
OSVDB: 42358

Background

Symantec Backup Exec for Windows Servers is a backup and recovery solution for Windows servers.

Problem

pvcalendar.ocx, the scheduler (calendar) ActiveX control installed with Symantec Backup Exec for Windows Servers, contains a buffer overflow. A web page that instantiates the control and calls its Save method after supplying an overly long _DOWText0 value overflows the buffer and can execute arbitrary code in the context of the user running the browser. No authentication or user interaction beyond visiting the page is required.

Resolution

Apply the hotfix published in the Symantec advisory listed under References.
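Before or after patching, an administrator will want to know whether the vulnerable control is actually registered on a host and whether Internet Explorer's kill bit (Compatibility Flags bit 0x400) already blocks it. The following PowerShell script is an added example written for this page; it is not part of the advisory and not a Symantec-supplied procedure. It locates every COM class whose InprocServer32 points at pvcalendar.ocx (the CLSID is not given on this page, so it is discovered rather than hard-coded), reports the kill-bit state, and with the -SetKillBit switch (an option this example defines) sets the bit so IE refuses to instantiate the control until the hotfix is installed. It assumes the standard registry layout and checks both the native and Wow6432Node views, since the control is 32-bit.

```powershell
# Added example (not from the advisory or from Symantec): find registrations
# of pvcalendar.ocx and report/set IE's kill bit for each CLSID found.
# Run in an elevated PowerShell if you pass -SetKillBit.
param([switch]$SetKillBit)

$KillBit = 0x400   # "Compatibility Flags" bit that makes IE refuse to load a control

# Each view pairs a class table with the ActiveX Compatibility key that
# the same bitness of Internet Explorer consults.  Assumed standard layout.
$Views = @(
    @{ Clsid  = 'HKLM:\SOFTWARE\Classes\CLSID'
       Compat = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility' },
    @{ Clsid  = 'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID'
       Compat = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility' }
)

function Find-PvCalendarControls {
    # Walk every CLSID and match the InprocServer32 default value on the file name.
    foreach ($view in $Views) {
        if (-not (Test-Path $view.Clsid)) { continue }
        foreach ($key in Get-ChildItem $view.Clsid -ErrorAction SilentlyContinue) {
            $srv = Join-Path $key.PSPath 'InprocServer32'
            if (-not (Test-Path $srv)) { continue }
            $dll = (Get-ItemProperty -Path $srv -ErrorAction SilentlyContinue).'(default)'
            if ($dll -and $dll -match 'pvcalendar\.ocx') {
                [pscustomobject]@{
                    Clsid     = $key.PSChildName          # e.g. {XXXXXXXX-....}
                    Path      = $dll
                    CompatKey = Join-Path $view.Compat $key.PSChildName
                }
            }
        }
    }
}

function Get-KillBitState([string]$CompatKey) {
    # $true when the kill bit is present for this CLSID in this view.
    if (-not (Test-Path $CompatKey)) { return $false }
    $flags = [int](Get-ItemProperty -Path $CompatKey -ErrorAction SilentlyContinue).'Compatibility Flags'
    return (($flags -band $KillBit) -ne 0)
}

function Set-KillBit([string]$CompatKey) {
    # OR the kill bit into any existing flags rather than overwriting them.
    if (-not (Test-Path $CompatKey)) { New-Item -Path $CompatKey -Force | Out-Null }
    $flags = [int](Get-ItemProperty -Path $CompatKey -ErrorAction SilentlyContinue).'Compatibility Flags'
    Set-ItemProperty -Path $CompatKey -Name 'Compatibility Flags' -Value ($flags -bor $KillBit) -Type DWord
}

$controls = @(Find-PvCalendarControls)
if ($controls.Count -eq 0) {
    Write-Output 'pvcalendar.ocx is not registered as a COM class on this host.'
    return
}

foreach ($ctl in $controls) {
    if ($SetKillBit -and -not (Get-KillBitState $ctl.CompatKey)) {
        Set-KillBit $ctl.CompatKey
    }
    $state = if (Get-KillBitState $ctl.CompatKey) { 'set' } else { 'NOT set' }
    [pscustomobject]@{
        Clsid   = $ctl.Clsid
        Path    = $ctl.Path
        KillBit = $state
    }
}
```

The kill bit is a containment measure for hosts that cannot take the hotfix immediately; it does not remove the overflow from pvcalendar.ocx, and other applications that host the control (outside Internet Explorer) are not protected by it.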

References

http://www.symantec.com/avcenter/security/Content/2008.02.28.html
http://secunia.com/secunia_research/2007-101/

Limitations

Exploit works on Symantec Backup Exec for Windows Server 11d Build 11.0.7170 and requires a user who has installed the vulnerable ActiveX control to load the exploit page into Internet Explorer.

Platforms

Windows
