Unchecked Buffers in VERITAS Storage Exec

Reported September 19, 2005 by Next Generation Security Software

VERSIONS AFFECTED

Storage Exec 5.3
StorageCentral 5.2

DESCRIPTION

Buffer overflow vulnerabilities were discovered in multiple DCOM server components of VERITAS Storage Exec and StorageCentral. The components could be exploited through calls to their associated ActiveX controls if a user opened malicious HTML code. Such code could arrive via email or be stored in a file or on a Web server. A successful exploit might crash the system or allow access to the local system.

VENDOR RESPONSE

Symantec released hotfixes for Storage Exec and StorageCentral to correct the problems.