JVNDB-2008-001311

Symantec Backup Exec for Windows Server ActiveX Control Multiple Buffer Overflow Vulnerabilities

Overview

The PVATLCalendar.PVCalendar.1 (pvcalendar.ocx) ActiveX control, a scheduler component of the Media Server in Symantec Backup Exec for Windows Server (BEWS), contains an insecure Save() method that mishandles long strings assigned to the properties listed below. This can be exploited to cause stack-based buffer overflows.
  • _DOWText0, _DOWText1, _DOWText2, _DOWText3, _DOWText4, _DOWText5, _DOWText6
  • _MonthText0, _MonthText1, _MonthText2, _MonthText3, _MonthText4, _MonthText5, _MonthText6, _MonthText7, _MonthText8, _MonthText9, _MonthText10, _MonthText11

CVSS Severity

CVSS V2 Severity:
Base Metrics 9.3 (High) [NVD Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: Complete
  • Integrity Impact: Complete
  • Availability Impact: Complete

Affected Products

Symantec Corporation
  • Symantec Backup Exec for Windows Servers 11d
  • Symantec Backup Exec for Windows Servers 12.0
Hitachi, Ltd
  • JP1/VERITAS Backup Exec 11d (windows)
  • JP1/VERITAS NetBackup 6.5
  • JP1/VERITAS NetBackup 6.0
  • JP1/VERITAS NetBackup 5.1

Impact

A remote attacker could execute arbitrary code.

Solution

Refer to the 'Vendor Information' section for the official countermeasures and take appropriate action.

Vendor Information

Symantec Corporation
Hitachi, Ltd
  • Hitachi Software Vulnerability Information : HS08-007

CWE

  1. Buffer Errors (CWE-119) [NVD Evaluation]

CVE

  1. CVE-2007-6016

References

  1. National Vulnerability Database (NVD) : CVE-2007-6016
  2. Secunia Advisory : SA27885
  3. SecurityFocus : 26904
  4. SecurityTracker : 1019524
  5. FrSIRT Advisories : FrSIRT/ADV-2008-0718
  6. JVN iPedia (Japanese) : JVNDB-2008-001311

Revision History

  • [2008/05/21] Web page published
  • [2008/11/21] Affected Products : Added Hitachi, Ltd (HS08-007).