Unchecked Buffers in VERITAS Storage Exec
Reported September 19, 2005 by Next Generation Security Software
VERSIONS AFFECTED
Storage Exec 5.3 StorageCentral 5.2 |
DESCRIPTION
Buffer overflow vulnerabilities were discovered in multiple DCOM server components that are part of VERITAS Storage Exec and StorageCentral. The components could be exploited through calls to associated ActiveX controls if a user launched malicious HTML code. Such code could arrive via email or be stored in a file or on a Web server. A successful exploit might lead to a system crash or allow access to the local system.
VENDOR RESPONSE
Symantec released hotfixes for Storage Exec and StorageCentral to correct the problems.
0 comments
Hide comments