CVE-2007-3509

3 documents3 sources

Severity

7.5HIGH

EPSS

27.2%

top 3.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Symantec Veritas Backup Exec

Timeline

PublishedJul 12

Latest updateMay 1

Description

Heap-based buffer overflow in the RPC subsystem in Symantec Backup Exec for Windows Servers 10.0, 10d, and 11d allows remote attackers to cause a denial of service (process exit) and possibly execute arbitrary code via crafted ncacn_ip_tcp requests.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDsymantec/veritas_backup_exec10.0, 10d, 11d+2

Patches

Patch: securityresponse.symantec.com ↗Patch: www.securityfocus.com ↗Patch: securityresponse.symantec.com ↗

🔴Vulnerability Details

GHSA

GHSA-38xp-mhx6-r7xx: Heap-based buffer overflow in the RPC subsystem in Symantec Backup Exec for Windows Servers 10↗2022-05-01

▶

CVEList

CVE-2007-3509: Heap-based buffer overflow in the RPC subsystem in Symantec Backup Exec for Windows Servers 10↗2007-07-12

▶