Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-5003

CWE-119 — Buffer Overflow5 documents4 sources

Severity

10.0CRITICAL

EPSS

82.1%

top 0.79%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Broadcom Brightstor Arcserve Backup Laptops Desktops Broadcom Desktop Management Suite CA Protection Suites

Timeline

PublishedOct 1

Latest updateMay 1

Description

Multiple stack-based buffer overflows in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 allow remote attackers to execute arbitrary code via a long (1) username or (2) password to the rxrLogin command in rxRPC.dll, or a long (3) username argument to the GetUserInfo function.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages3 packages

▶NVDbroadcom/brightstor_arcserve_backup_laptops_desktops4 versions+3

▶NVDca/protection_suitesr2

▶NVDbroadcom/desktop_management_suite11.0, 11.1, 11.2+2

Patches

Patch: supportconnectw.ca.com ↗Patch: www.ca.com ↗Patch: www.ca.com ↗

🔴Vulnerability Details

GHSA

GHSA-r6mq-3vv9-38j4: Multiple stack-based buffer overflows in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11↗2022-05-01

▶

CVEList

CVE-2007-5003: Multiple stack-based buffer overflows in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11↗2007-10-01

▶

💥Exploits & PoCs

Exploit-DB

CA BrightStor ARCserve for Laptops & Desktops LGServer - Remote Buffer Overflow (Metasploit) (3)↗2010-11-03

▶

Exploit-DB

BolinTech DreamFTP Server - 'USER' Remote Buffer Overflow (PoC)↗2007-01-14

▶