CVE-2007-2279 Information

Description

The Scheduler Service (VxSchedService.exe) in Symantec Storage Foundation for Windows 5.0 allows remote attackers to bypass authentication and execute arbitrary code via certain requests to the service socket that create (1) PreScript or (2) PostScript registry values under Veritas\VxSvc\CurrentVersion\Schedules specifying future command execution.

Reference

http://osvdb.org/36104 http://secunia.com/advisories/25537 http://seer.entsupport.symantec.com/docs/288627.htm http://www.securityfocus.com/archive/1/470562/100/0/threaded http://www.securityfocus.com/bid/24194 http://www.securitytracker.com/id?1018188 http://www.symantec.com/avcenter/security/Content/2007.06.01.html http://www.vupen.com/english/advisories/2007/2035 https://exchange.xforce.ibmcloud.com/vulnerabilities/34680