Vulnerability Details : CVE-2007-6016
Public exploit exists!
Multiple stack-based buffer overflows in the PVATLCalendar.PVCalendar.1 ActiveX control in pvcalendar.ocx in the scheduler component in the Media Server in Symantec Backup Exec for Windows Server (BEWS) 11d 11.0.6235 and 11.0.7170, and 12.0 12.0.1364, allow remote attackers to execute arbitrary code via a long (1) _DOWText0, (2) _DOWText1, (3) _DOWText2, (4) _DOWText3, (5) _DOWText4, (6) _DOWText5, (7) _DOWText6, (8) _MonthText0, (9) _MonthText1, (10) _MonthText2, (11) _MonthText3, (12) _MonthText4, (13) _MonthText5, (14) _MonthText6, (15) _MonthText7, (16) _MonthText8, (17) _MonthText9, (18) _MonthText10, or (19) _MonthText11 property value when executing the Save method. NOTE: the vendor states "Authenticated user involvement required," but authentication is not needed to attack a client machine that loads this control.
Vulnerability category: OverflowExecute code
Products affected by CVE-2007-6016
- cpe:2.3:a:symantec:backup_exec_for_windows_server:11d:11.0.7170:*:*:*:*:*:*
- cpe:2.3:a:symantec:backup_exec_for_windows_server:12.0:12.0.1364:*:*:*:*:*:*
- cpe:2.3:a:symantec:backup_exec_for_windows_server:11d:11.0.6235:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-6016
93.36%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 99 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2007-6016
-
Symantec BackupExec Calendar Control Buffer Overflow
Disclosure Date: 2008-02-28First seen: 2020-04-26exploit/windows/browser/symantec_backupexec_pvcalendarThis module exploits a stack buffer overflow in Symantec BackupExec Calendar Control. By sending an overly long string to the "_DOWText0" property located in the pvcalendar.ocx control, an attacker may be able to execute arbitrary code. Authors: - Elazar B
CVSS scores for CVE-2007-6016
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
CWE ids for CVE-2007-6016
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2007-6016
-
http://seer.support.veritas.com/docs/308669.htm
-
https://www.exploit-db.com/exploits/5205
-
http://www.vupen.com/english/advisories/2008/2672
Vendor Advisory
-
http://www.securityfocus.com/bid/26904
Symantec Backup Exec Scheduler ActiveX Control Multiple Stack Based Buffer Overflow VulnerabilitiesPatch
-
http://securitytracker.com/id?1019524
-
http://www.symantec.com/avcenter/security/Content/2008.02.29.html
Patch
-
http://www.symantec.com/avcenter/security/Content/2008.02.28.html
-
http://www.vupen.com/english/advisories/2008/0718
Vendor Advisory
Jump to