CVE-2007-3509

Heap-based buffer overflow in the RPC subsystem in Symantec Backup Exec for Windows Servers 10.0, 10d, and 11d allows remote attackers to cause a denial of service (process exit) and possibly execute arbitrary code via crafted ncacn_ip_tcp requests.

Published: Jul 12, 2007
Updated: Apr 13, 2023
CVE: CVE-2007-3509
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
symantec / veritas_backup_exec	10.0	10.0.x
symantec / veritas_backup_exec	10d	10d.x
symantec / veritas_backup_exec	11d	11d.x

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=553
http://secunia.com/advisories/26032
http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11a.html
http://www.kb.cert.org/vuls/id/213697
http://www.osvdb.org/36111
http://www.securityfocus.com/bid/23897
http://www.securitytracker.com/id?1018366
http://www.vupen.com/english/advisories/2007/2505
https://exchange.xforce.ibmcloud.com/vulnerabilities/35340

Vulnerability Database

CVE-2007-3509

Deep Security Visibility Without the Complexity