Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-0449

CWE-119 — Buffer Overflow7 documents4 sources

Severity

10.0CRITICAL

EPSS

82.2%

top 0.78%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

5

Broadcom Brightstor Arcserve Backup Laptops Desktops Broadcom Brightstor Mobile Backup Broadcom Business Protection Suite +2 more

Timeline

PublishedJan 23

Latest updateMay 1

Description

Multiple buffer overflows in LGSERVER.EXE in CA BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.1 SP1, Mobile Backup r4.0, Desktop and Business Protection Suite r2, and Desktop Management Suite (DMS) r11.0 and r11.1 allow remote attackers to execute arbitrary code via crafted packets to TCP port (1) 1900 or (2) 2200.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages5 packages

▶NVDbroadcom/brightstor_arcserve_backup_laptops_desktops11.0, 11.1+1

▶NVDbroadcom/desktop_management_suite11.0, 11.1+1

▶NVDbroadcom/desktop_protection_suite2.0

▶NVDbroadcom/brightstor_mobile_backupr4.0

▶NVDbroadcom/business_protection_suite2.0

Patches

Patch: secunia.com ↗Patch: supportconnectw.ca.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

2

GHSA

GHSA-crj5-2wph-mp3x: Multiple buffer overflows in LGSERVER↗2022-05-01

▶

CVEList

CVE-2007-0449: Multiple buffer overflows in LGSERVER↗2007-01-23

▶

💥Exploits & PoCs

4

Exploit-DB

CA BrightStor ARCserve for Laptops & Desktops LGServer - Remote Buffer Overflow (Metasploit) (1)↗2010-05-09

▶

Exploit-DB

CA BrightStor ARCserve - 'lgserver.exe' Remote Stack Overflow↗2007-02-01

▶

Exploit-DB

CA BrightStor ARCserve - 'msgeng.exe' Remote Heap Overflow (2)↗2007-01-28

▶

Exploit-DB

CA BrightStor ARCserve - 'msgeng.exe' Remote Heap Overflow (1)↗2007-01-27

▶

CVE-2007-0449 (CRITICAL CVSS 10) | Multiple buffer overflows in LGSERV | cvebase.io