CVE-2007-6016

critical

Description

Multiple stack-based buffer overflows in the PVATLCalendar.PVCalendar.1 ActiveX control in pvcalendar.ocx in the scheduler component in the Media Server in Symantec Backup Exec for Windows Server (BEWS) 11d 11.0.6235 and 11.0.7170, and 12.0 12.0.1364, allow remote attackers to execute arbitrary code via a long (1) _DOWText0, (2) _DOWText1, (3) _DOWText2, (4) _DOWText3, (5) _DOWText4, (6) _DOWText5, (7) _DOWText6, (8) _MonthText0, (9) _MonthText1, (10) _MonthText2, (11) _MonthText3, (12) _MonthText4, (13) _MonthText5, (14) _MonthText6, (15) _MonthText7, (16) _MonthText8, (17) _MonthText9, (18) _MonthText10, or (19) _MonthText11 property value when executing the Save method. NOTE: the vendor states "Authenticated user involvement required," but authentication is not needed to attack a client machine that loads this control.

References

https://www.exploit-db.com/exploits/5205

http://www.vupen.com/english/advisories/2008/2672

http://www.vupen.com/english/advisories/2008/0718

http://www.symantec.com/avcenter/security/Content/2008.02.29.html

http://www.symantec.com/avcenter/security/Content/2008.02.28.html

http://www.securityfocus.com/bid/26904

http://seer.support.veritas.com/docs/308669.htm

http://securitytracker.com/id?1019524

http://secunia.com/secunia_research/2007-101/advisory/

http://secunia.com/advisories/27885

Details

Source: Mitre, NVD

Published: 2008-02-29

Updated: 2017-09-29

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical