>> Symantec Backup Exec Calendar Control Multiple Vulnerabilities
Title : Symantec Backup Exec Calendar Control Multiple Vulnerabilities VUPEN ID : VUPEN/ADV-2008-0718 CVE ID : CVE-2007-6016 - CVE-2007-6017
Rated as : Moderate Risk
Remotely Exploitable : Yes Locally Exploitable : Yes Release Date : 2008-02-29
Technical Description
Multiple vulnerabilities have been identified in Symantec Backup Exec for Windows Servers, which could be exploited by attackers to bypass security restrictions, overwrite arbitrary files, or take complete control of an affected system.
The first issue is caused by buffer overflow errors in the PVATLCalendar.PVCalendar.1 (pvcalendar.ocx) ActiveX control when handling overly long arguments passed to various properties (e.g. "_DOWText0" to "_DOWText6", or "_MonthText0" to "_MonthText11") while calling the "Save()" method, which could be exploited by malicious web sites to crash an affected browser or execute arbitrary code.
The second vulnerability is caused by a design error in the PVATLCalendar.PVCalendar.1 (pvcalendar.ocx) ActiveX control that includes the insecure "Save()" method, which could be exploited by malicious web sites to overwrite and corrupt arbitrary files, or save malicious scripts to an arbitrary location on a vulnerable system.
Note: To exploit these vulnerabilities, an attacker would need to be aware of the exact path to the vulnerable control and be able to effectively entice a user to upload and execute malicious scripts via HTML email or visit a malicious web site hosting specially crafted code.
Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback If you have additional information or corrections for this security advisory please submit them via our contact form.
