CVE-2005-2535
published 2005-08-10

Priority: P2 · 63 · high
CVSS 2.0: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
EXPLOIT
EPSS: 80.87% (99.6th percentile)
Buffer overflow in the Discovery Service in BrightStor ARCserve Backup 9.0 through 11.1 allows remote attackers to execute arbitrary commands via a large packet to TCP port 41523, a different vulnerability than CVE-2005-0260.

Affected

10 ranges
Vendor    Product                        Version range  Fixed in
broadcom  arcserve_backup_2000
broadcom  brightstor_arcserve_backup
broadcom  brightstor_arcserve_backup
broadcom  brightstor_arcserve_backup
broadcom  brightstor_arcserve_backup
broadcom  brightstor_arcserve_backup
broadcom  brightstor_arcserve_backup_hp
broadcom  brightstor_enterprise_backup
broadcom  brightstor_enterprise_backup
broadcom  brightstor_enterprise_backup

Detection & IOCs (extracted from sources)

port: 41523/tcp
bytes: 0x9b 'SERVICEPC' 0x18 [4-byte IP] 'SERVICEPC' 0x01 0x0c 0x6c 0x93 0xce 0x18 0x18 0x41 [overflow buffer]
  • Detect exploit attempts by monitoring for large TCP packets (>1024 bytes) to port 41523 that begin with the byte 0x9b followed by the ASCII string 'SERVICEPC'.
  • The payload bad-char constraint is only null bytes (0x00); any other byte value may appear in the shellcode stream on TCP/41523.
  • The PoC fills the overflow buffer with 0x41 ('A') bytes beyond the header; a buffer of 4096 bytes starting with 0x9b+SERVICEPC and padded with 0x41 is a strong indicator of exploitation.
  • The module author notes the vulnerability 'affects all known versions of the BrightStor product', so version-based filtering alone is insufficient for scoping detection.
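
The indicators above combined into one check, as an added example that is not taken from this page or its sources. It applies the size test to the reassembled stream, not to single segments. The function names, flow ids, 256-byte fill-run length and in-order segment delivery are assumptions.

```python
from collections import defaultdict

PORT = 41523                  # Discovery Service port named on this page
MARKER = b"\x9bSERVICEPC"     # leading byte 0x9b + ASCII 'SERVICEPC'
SIZE_THRESHOLD = 1024         # "large" packet threshold from the first bullet
FILL_RUN = b"\x41" * 256      # assumption: 256 consecutive 'A' bytes counts as PoC padding

def classify(dst_port, payload):
    """Return (verdict, reasons) for one client-to-server payload."""
    if dst_port != PORT:
        return "ignore", []
    reasons = []
    if payload.startswith(MARKER):
        reasons.append("marker")
    if len(payload) > SIZE_THRESHOLD:
        reasons.append("oversize")
    if FILL_RUN in payload:
        reasons.append("fill-0x41")
    # Alert on marker + size only: the 0x41 fill is specific to the PoC, so it
    # raises confidence but must not be required.
    if "marker" in reasons and "oversize" in reasons:
        return "alert", reasons
    return ("review" if reasons else "benign"), reasons

def scan_segments(segments):
    """Concatenate in-order segments per flow, then classify each stream.

    A large request can arrive split across TCP segments, so a per-segment
    size check can miss it; the size test has to run on the reassembled stream.
    """
    streams, ports = defaultdict(bytearray), {}
    for flow_id, dst_port, data in segments:
        streams[flow_id] += data
        ports[flow_id] = dst_port
    return {f: classify(ports[f], bytes(buf)) for f, buf in streams.items()}

# Constructed samples, not captured traffic: (flow id, destination port, bytes).
SAMPLE_SEGMENTS = [
    ("flow-a", 41523, MARKER + b"A" * 500),    # 4096 bytes in two segments
    ("flow-a", 41523, b"A" * 3586),
    ("flow-b", 41523, MARKER + b"\x18" + b"\x01" * 20),  # short, marker only
    ("flow-c", 41523, b"B" * 2000),            # large, no marker
    ("flow-d", 443, MARKER + b"A" * 4086),     # other port
]

if __name__ == "__main__":
    for flow, (verdict, reasons) in scan_segments(SAMPLE_SEGMENTS).items():
        print(flow, verdict, ",".join(reasons) or "-")
```

Neither segment of flow-a triggers an alert when classified alone; only the reassembled 4096-byte stream does.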