September 2005
Symantec - VERITAS Storage Exec (tm) DCOM Server Buffer Overflows [SYM05-014]
ID: 00820
Ref: 764/05
Date: 21 September 2005:14:28:02
Version: 1
Title: Symantec - VERITAS Storage Exec (tm) DCOM Server Buffer Overflows [SYM05-014]
Abstract: Symantec have release a security advisory relating to buffer overflow vulnerabilities in VERITAS Storage Exec and StorageCentral.
Vendors affected: Symantec
Applications affected: Symantec
Title
=====
Symantec - VERITAS Storage Exec (tm) DCOM Server Buffer Overflows [SYM05-014]
Detail
======
Symantec have release a security advisory relating to buffer overflow vulnerabilities
in VERITAS Storage Exec and StorageCentral. The following is an extract from the
advisory:
" Overview
Multiple VERITAS Storage Exec DCOM server components have been identified as
susceptible to buffer overflows through calls to associated ActiveX controls. If
properly exploited, this vulnerability could allow execution of remotely downloaded
code on the system with privileges of the logged on user. Exploitation may result in
a system crash, or potentially lead to access to the local system with privileges of
the authenticated user.
Successful exploitation is highly dependent on user involvement in malicious code
gaining initial access to the system.
Affected Products
StorageCentral 5.2 rev. 322
Storage Exec 5.3 rev. 2190R "
The full advisory can be viewed at the following URL:
http://seer.support.veritas.com/docs/277565.htm