CVE-2007-6017

CWE-20Improper Input Validation3 documents3 sources
Severity
5.1MEDIUM
EPSS
7.1%
top 8.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Symantec Backup Exec FOR Windows Server
Timeline
PublishedFeb 29
Latest updateMay 1

Description

The PVATLCalendar.PVCalendar.1 ActiveX control in pvcalendar.ocx in the scheduler component in the Media Server in Symantec Backup Exec for Windows Server (BEWS) 11d 11.0.6235 and 11.0.7170, and 12.0 12.0.1364, exposes the unsafe Save method, which allows remote attackers to cause a denial of service (browser crash), or create or overwrite arbitrary files, via string values of the (1) _DOWText0, (2) _DOWText1, (3) _DOWText2, (4) _DOWText3, (5) _DOWText4, (6) _DOWText5, (7) _DOWText6, (8) _MonthT

CVSS vector

AV:N/AC:H/C:P/I:P/A:PExploitability: 4.9 | Impact: 6.4

Affected Packages1 packages

NVDsymantec/backup_exec11d, 12.0+1

🔴Vulnerability Details

2
GHSA
GHSA-jx2v-j353-9rr5: The PVATLCalendar2022-05-01
CVEList
CVE-2007-6017: The PVATLCalendar2008-02-29
CVE-2007-6017 (MEDIUM CVSS 5.1) | The PVATLCalendar.PVCalendar.1 Acti | cvebase.io