Details
NGS Research identified multiple DCOM servers in VERITAS Storage Exec that are susceptible to stack and heap overflows because they fail to properly validate or parse external input. The buffer overflows in the DCOM servers can be triggered by calls to the associated ActiveX controls. To launch this type of attack, the authenticated user would have to either visit a hostile web site or be enticed to visit a hostile location where the malicious code could be executed or downloaded to the local system. Alternatively, the user would need to download an HTML email containing malicious code that could be run on the system.
Exploiting this issue could result in a system crash or, if successful, could potentially result in access to the local system with authenticated user privileges.
The Common Vulnerabilities and Exposures (CVE) initiative has assigned CVE Candidate CAN-2005-2996 to this issue. This issue is a candidate for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems.