7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.968 High
EPSS
Percentile
99.6%
Added: 11/09/2006
CVE: CVE-2006-5143
BID: 20365
OSVDB: 29535
The BrightStor ARCserve Backup family of products includes a Message Engine which listens for connections on port 6503/TCP.
A buffer overflow in the **ASCORE.dll**
library allows remote attackers to execute arbitrary commands when a specially crafted request is processed by the Message Engine RPC server.
Apply the upgrade referenced in the Computer Associates Security Notice.
<http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0098.html>
Exploit works on BrightStor ARCserve Backup 11.5. Due to the nature of the vulnerability, the success of this exploit may depend on the system state at the time the exploit is run.
Windows 2000 SP4
Windows 2000 SP4 / Windows 2000
Windows 2000 SP3