CVE-2007-2279
Symantec Storage Foundation 5.0 - Remote Code Execution via Scheduler Service
Title source: llmDescription
The Scheduler Service (VxSchedService.exe) in Symantec Storage Foundation for Windows 5.0 allows remote attackers to bypass authentication and execute arbitrary code via certain requests to the service socket that create (1) PreScript or (2) PostScript registry values under Veritas\VxSvc\CurrentVersion\Schedules specifying future command execution.
References (9)
Core 9
Core References
Patch, Vendor Advisory x_refsource_confirm
http://www.symantec.com/avcenter/security/Content/2007.06.01.html
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/25537
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/470562/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1018188
Various Sources x_refsource_confirm
http://seer.entsupport.symantec.com/docs/288627.htm
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/36104
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/24194
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/2035
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/34680
Scores
EPSS
0.1309
EPSS Percentile
94.2%
Details
CWE
CWE-264
Status
published
Products (1)
symantec/veritas_storage_foundation
5.0
Published
Jun 04, 2007
Tracked Since
Feb 18, 2026