Vulnerability Details : CVE-2007-6016
Public exploit exists!
Multiple stack-based buffer overflows in the PVATLCalendar.PVCalendar.1 ActiveX control in pvcalendar.ocx in the scheduler component in the Media Server in Symantec Backup Exec for Windows Server (BEWS) 11d 11.0.6235 and 11.0.7170, and 12.0 12.0.1364, allow remote attackers to execute arbitrary code via a long (1) _DOWText0, (2) _DOWText1, (3) _DOWText2, (4) _DOWText3, (5) _DOWText4, (6) _DOWText5, (7) _DOWText6, (8) _MonthText0, (9) _MonthText1, (10) _MonthText2, (11) _MonthText3, (12) _MonthText4, (13) _MonthText5, (14) _MonthText6, (15) _MonthText7, (16) _MonthText8, (17) _MonthText9, (18) _MonthText10, or (19) _MonthText11 property value when executing the Save method. NOTE: the vendor states "Authenticated user involvement required," but authentication is not needed to attack a client machine that loads this control.
Vulnerability category: OverflowExecute code
Exploit prediction scoring system (EPSS) score for CVE-2007-6016
Probability of exploitation activity in the next 30 days: 95.79%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 99 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2007-6016
-
Symantec BackupExec Calendar Control Buffer Overflow
Disclosure Date: 2008-02-28First seen: 2020-04-26exploit/windows/browser/symantec_backupexec_pvcalendarThis module exploits a stack buffer overflow in Symantec BackupExec Calendar Control. By sending an overly long string to the "_DOWText0" property located in the pvcalendar.ocx control, an attacker may be able to execute arbitrary code. Authors: - Elazar B
CVSS scores for CVE-2007-6016
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
CWE ids for CVE-2007-6016
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2007-6016
- http://seer.support.veritas.com/docs/308669.htm
-
https://www.exploit-db.com/exploits/5205
-
http://www.vupen.com/english/advisories/2008/2672
Vendor Advisory
-
http://www.securityfocus.com/bid/26904
Symantec Backup Exec Scheduler ActiveX Control Multiple Stack Based Buffer Overflow VulnerabilitiesPatch
-
http://securitytracker.com/id?1019524
- http://www.symantec.com/avcenter/security/Content/2008.02.29.html
- http://www.symantec.com/avcenter/security/Content/2008.02.28.html
-
http://www.vupen.com/english/advisories/2008/0718
Vendor Advisory
Products affected by CVE-2007-6016
- cpe:2.3:a:symantec:backup_exec_for_windows_server:11d:11.0.7170:*:*:*:*:*:*
- cpe:2.3:a:symantec:backup_exec_for_windows_server:12.0:12.0.1364:*:*:*:*:*:*
- cpe:2.3:a:symantec:backup_exec_for_windows_server:11d:11.0.6235:*:*:*:*:*:*