CVE-2007-2279

Sažetak

The Scheduler Service (VxSchedService.exe) in Symantec Storage Foundation for Windows 5.0 allows remote attackers to bypass authentication and execute arbitrary code via certain requests to the service socket that create (1) PreScript or (2) PostScript registry values under Veritas\VxSvc\CurrentVersion\Schedules specifying future command execution.

Reference

http://osvdb.org/36104
http://secunia.com/advisories/25537
http://seer.entsupport.symantec.com/docs/288627.htm
http://www.securityfocus.com/archive/1/470562/100/0/threaded
http://www.securityfocus.com/bid/24194
http://www.securitytracker.com/id?1018188
http://www.symantec.com/avcenter/security/Content/2007.06.01.html
http://www.vupen.com/english/advisories/2007/2035
https://exchange.xforce.ibmcloud.com/vulnerabilities/34680

CVSS

Base:	9.3
Impact:	10.0
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

16-10-2018 - 16:42

Objavljeno

04-06-2007 - 16:30