Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-0169

CWE-119: Buffer Overflow | 4 documents | 4 sources
Severity: 7.5 HIGH
EPSS: 77.8% (top 1.00%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Jan 11 | Latest update May 1

Description

Multiple buffer overflows in Computer Associates (CA) BrightStor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Server/Business Protection Suite r2 allow remote attackers to execute arbitrary code via RPC requests with crafted data for opnums (1) 0x2F and (2) 0x75 in the (a) Message Engine RPC service, or opnum (3) 0xCF in the Tape Engine service.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 10.0 | Impact: 6.4

Patches

🔴 Vulnerability Details (2)

GHSA
GHSA-hr4g-m2q7-5wxr: Multiple buffer overflows in Computer Associates (CA) BrightStor ARCserve Backup 9 | 2022-05-01
CVEList
CVE-2007-0169: Multiple buffer overflows in Computer Associates (CA) BrightStor ARCserve Backup 9 | 2007-01-11

💥 Exploits & PoCs (1)

Exploit-DB
CA BrightStor ARCserve - Message Engine Buffer Overflow (Metasploit) | 2010-04-30