Veritas Backup Exec Media Server BEngine Service Job Log Remote Format String Vulnerability

Veritas Backup Exec Media Server is susceptible to a remote format-string vulnerability. This issue occurs because the application fails to properly sanitize user-supplied input before using it as the format-specifier argument of a formatted-printing function.

This issue is exploitable only when the job log is configured to run in 'Full Details' mode. This is not the default configuration mode, nor is it recommended in a production environment due to the excessive amount of disk space required for the log.

This issue allows remote attackers to execute arbitrary machine code in the context of the affected application. Failed exploitation attempts likely result in a denial-of-service condition.
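
The bug class described above, as an added C example that is not Veritas code: the unsafe call appears only as a comment, next to a hardened log writer and a helper that flags conversion specifiers in untrusted text. The names job_log_write, count_conversions and the detail levels are hypothetical, and the sample input is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical detail levels: only the verbose one logs client-supplied text,
 * mirroring the advisory's 'Full Details' precondition. */
enum detail { SUMMARY = 0, FULL_DETAILS = 1 };

/* Vulnerable pattern, comment only: the untrusted string is the format
 * argument, so any conversion specifier in it is interpreted:
 *     snprintf(out, outsz, client_text);
 *
 * Hardened form: constant format, untrusted text passed only as data.
 * Returns bytes written, 0 if the level logs nothing, -1 on truncation/error. */
int job_log_write(char *out, size_t outsz, enum detail level,
                  const char *client_text)
{
    if (out == NULL || outsz == 0 || client_text == NULL)
        return -1;
    out[0] = '\0';
    if (level != FULL_DETAILS)
        return 0;
    int n = snprintf(out, outsz, "job detail: %s\n", client_text);
    if (n < 0 || (size_t)n >= outsz) {
        out[0] = '\0';            /* do not keep a truncated record */
        return -1;
    }
    return n;
}

/* Triage helper: counts conversion specifiers ("%%" is a literal percent and
 * is skipped). Non-zero means the text would be interpreted as a format. */
int count_conversions(const char *s)
{
    int count = 0;
    for (; *s != '\0'; s++) {
        if (*s != '%') continue;
        if (s[1] == '%')
            s++;                  /* skip the escaped pair */
        else if (s[1] != '\0')
            count++;
    }
    return count;
}

int main(void)
{
    char line[64];
    const char *sample = "%x %x %n";   /* constructed sample input */
    job_log_write(line, sizeof line, FULL_DETAILS, sample);
    printf("%d specifier(s); logged literally: %s", count_conversions(sample), line);
}
```

Building with -Wformat -Wformat-security makes GCC and Clang warn about the commented-out pattern wherever it occurs in real code.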


 

Copyright 2010, SecurityFocus