10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.9 High
EPSS
Percentile
98.5%
Added: 10/18/2007
CVE: CVE-2007-5327
BID: 26015
OSVDB: 41369
CA ARCserve Bac kup (formerly BrightStor ARCserve Backup) is a backup and recovery solution. It runs a Message Engine RPC service on port 6504/TCP by default.
A buffer overflow in BrightStor ARCserve Backup allows remote attackers to execute arbitrary commands by sending a specially crafted request with opnum 0x10d to the Message Engine RPC service.
Apply one of the patches referenced in the Security Notice.
<http://www.securityfocus.com/archive/1/482112>
Exploit works on CA BrightStor ARCserve Backup 11.5. The target’s NetBIOS name must be provided in order for the exploit to work on IPv6 targets.
Windows