CVE-2007-2279

high

Description

The Scheduler Service (VxSchedService.exe) in Symantec Storage Foundation for Windows 5.0 allows remote attackers to bypass authentication and execute arbitrary code via certain requests to the service socket that create (1) PreScript or (2) PostScript registry values under Veritas\VxSvc\CurrentVersion\Schedules specifying future command execution.

References

http://osvdb.org/36104

http://secunia.com/advisories/25537

http://seer.entsupport.symantec.com/docs/288627.htm

http://www.securityfocus.com/archive/1/470562/100/0/threaded

http://www.securityfocus.com/bid/24194

http://www.securitytracker.com/id?1018188

http://www.symantec.com/avcenter/security/Content/2007.06.01.html

http://www.vupen.com/english/advisories/2007/2035

https://exchange.xforce.ibmcloud.com/vulnerabilities/34680

Details

Source: MITRE

Published: 2007-06-04

Updated: 2018-10-16

Type: CWE-264

Risk Information

CVSS v2

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH