Unchecked Buffers in VERITAS Storage Exec
Reported September 19, 2005 by Next Generation Security Software
Storage Exec 5.3
Buffer overflow vulnerabilities were discovered in multiple DCOM server components that are part of VERITAS Storage Exec and StorageCentral. The components could be exploited through calls to associated ActiveX controls if a user launched malicious HTML code. Such code could arrive via email or be stored in a file or on a Web server. A successful exploit might lead to a system crash or allow access to the local system.
Symantec released hotfixes for Storage Exec and StorageCentral to correct the problems.