CVE-2007-2279

Name of the Vulnerable Software and Affected Versions Symantec Storage Foundation for Windows version 5.0

Description The issue allows remote attackers to bypass authentication and execute arbitrary code via certain requests to the service socket. This is achieved by creating specific registry values under VeritasVxSvcCurrentVersionSchedules, such as PreScript or PostScript, which specify future command execution.

Recommendations For Symantec Storage Foundation for Windows version 5.0, consider restricting access to the Scheduler Service (VxSchedService.exe) to minimize the risk of exploitation. As a temporary workaround, limit the ability to create registry values under VeritasVxSvcCurrentVersionSchedules, specifically PreScript and PostScript, until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.