Vulnerability Details : CVE-2004-1172
Public exploit exists!
Stack-based buffer overflow in the Agent Browser in Veritas Backup Exec 8.x before 8.60.3878 Hotfix 68, and 9.x before 9.1.4691 Hotfix 40, allows remote attackers to execute arbitrary code via a registration request with a long hostname.
Vulnerability category: OverflowExecute code
Products affected by CVE-2004-1172
- cpe:2.3:a:symantec_veritas:backup_exec:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:symantec_veritas:backup_exec:8.5:*:*:*:*:*:*:*
- cpe:2.3:a:symantec_veritas:backup_exec:8.6:*:*:*:*:*:*:*
- cpe:2.3:a:symantec_veritas:backup_exec:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:symantec_veritas:backup_exec:9.1:*:*:*:*:*:*:*
Threat overview for CVE-2004-1172
Top countries where our scanners detected CVE-2004-1172
Top open port discovered on systems with this issue
10000
IPs affected by CVE-2004-1172 82
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2004-1172!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2004-1172
95.03%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 99 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2004-1172
-
Veritas Backup Exec Name Service Overflow
Disclosure Date: 2004-12-16First seen: 2020-04-26exploit/windows/backupexec/name_serviceThis module exploits a vulnerability in the Veritas Backup Exec Agent Browser service. This vulnerability occurs when a recv() call has a length value too long for the destination stack buffer. By sending an agent name value of 63 bytes or more, we can over
CVSS scores for CVE-2004-1172
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
References for CVE-2004-1172
-
http://www.kb.cert.org/vuls/id/907729
US Government Resource
-
http://www.frsirt.com/exploits/20050111.101_BXEC.cpp.php
-
http://seer.support.veritas.com/docs/273850.htm
-
http://seer.support.veritas.com/docs/273419.htm
-
http://www.idefense.com/application/poi/display?id=169
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/18506
-
http://www.securityfocus.com/bid/11974
VERITAS Backup Exec Agent Browser Remote Buffer Overflow VulnerabilityPatch;Vendor Advisory
-
http://seer.support.veritas.com/docs/273420.htm
-
http://seer.support.veritas.com/docs/273422.htm
Jump to