Main
Vulnerability Database
Exploits
ID:1722 - Exploit for Use-after-free error in Backup Exec - CVE-2017-8895
ID:1722 - Exploit for Use-after-free error in Backup Exec - CVE-2017-8895
Published: March 18, 2020
Vulnerability identifier: #VU6778
Vulnerability risk: High
CVE-ID: CVE-2017-8895
CWE-ID: CWE-416
Exploitation vector: Remote access
Vulnerable software:
Backup Exec
Backup Exec
Link to public exploit:
Vulnerability description
The vulnerability allows a remote user to execute arbitrary code on the target system.
The weakness exists due to use-after-free error when handling malicious data. A remote attacker can send specially crafted NDMP data over SSL to TCP port 10000, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
The weakness exists due to use-after-free error when handling malicious data. A remote attacker can send specially crafted NDMP data over SSL to TCP port 10000, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
Remediation
Update to version 2014 14.1.1187.1126, 15 14.2.1180.3160, 16 FP1 (16.0.1142.1327).