Threat Level: green Handler on Duty: Tom Webb

SANS ISC: Symantec VERITAS Storage Exec DCOM Server BO's - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Symantec VERITAS Storage Exec DCOM Server BO's
Symantec has announced that "NGS Research identified multiple DCOM servers in VERITAS Storage Exec". There is no advisory posted at the NGS Research Advisory page as of this time. The Symantec Advisory says "Multiple VERITAS Storage Exec DCOM server components have been identified as susceptible to buffer overflows through calls to associated ActiveX controls." "Successful exploitation is highly dependent on user involvement for malicious code to gain initial access to the system."


 Affected Product
Version
 Build Storage Exec
5.3 Rev. 2190
 Storage Central
5.2 Rev. 322

Older versions may be affected as well.
Patrick

193 Posts

Sign Up for Free or Log In to start participating in the conversation!