Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-6016

CWE-119: Buffer Overflow | 5 documents | 4 sources
Severity: 9.3 CRITICAL
EPSS: 67.8% (top 1.42%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Feb 29 | Latest update May 1

Description

Multiple stack-based buffer overflows in the PVATLCalendar.PVCalendar.1 ActiveX control in pvcalendar.ocx in the scheduler component in the Media Server in Symantec Backup Exec for Windows Server (BEWS) 11d 11.0.6235 and 11.0.7170, and 12.0 12.0.1364, allow remote attackers to execute arbitrary code via a long (1) _DOWText0, (2) _DOWText1, (3) _DOWText2, (4) _DOWText3, (5) _DOWText4, (6) _DOWText5, (7) _DOWText6, (8) _MonthText0, (9) _MonthText1, (10) _MonthText2, (11) _MonthText3, (12) _MonthTe

CVSS vector

AV:N/AC:M/C:C/I:C/A:C
Exploitability: 8.6 | Impact: 10.0

Affected Packages (1 package)

NVD: symantec/backup_exec 11d, 12.0 +1

Patches

🔴 Vulnerability Details (2)

GHSA: GHSA-q964-x2rc-v787: Multiple stack-based buffer overflows in the PVATLCalendar (2022-05-01)
CVEList: CVE-2007-6016: Multiple stack-based buffer overflows in the PVATLCalendar (2008-02-29)

💥 Exploits & PoCs (2)

Exploit-DB: Symantec BackupExec Calendar Control - Remote Buffer Overflow (Metasploit) (2010-05-09)
Exploit-DB: Symantec BackupExec Calendar Control - 'PVCalendar.ocx' Remote Buffer Overflow (2008-02-29)