CVE-2007-5331
 
Severity Score
10.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Queue.dll for the message queuing service (LQserver.exe) in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows remote attackers to execute arbitrary code via a malformed ONRPC protocol request for operation 0x76, which causes ARCserve Backup to dereference arbitrary pointers.
La biblioteca Queue.dll para el servicio de colas de mensajes (LQserver.exe) en CA BrightStor ARCServe BackUp versión v9.01 hasta R11.5, y Enterprise Backup r10.5, permite a atacantes remotos ejecutar código arbitrario por medio de una petición de protocolo ONRPC malformada para la operación 0x76, lo que hace que ARCserve Backup elimine la referencia de punteros arbitrarios.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2007-10-10 CVE Reserved
- 2007-10-12 CVE Published
- 2024-07-09 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-94: Improper Control of Generation of Code ('Code Injection')
CAPEC
References (10)
URL | Tag | Source |
---|---|---|
http://osvdb.org/41371 | Vdb Entry | |
http://research.eeye.com/html/advisories/published/AD20071011.html | Third Party Advisory | |
http://www.securityfocus.com/archive/1/482114/100/0/threaded | Mailing List | |
http://www.securityfocus.com/archive/1/482121/100/0/threaded | Mailing List | |
http://www.securityfocus.com/bid/24680 | Vdb Entry | |
http://www.securitytracker.com/id?1018805 | Vdb Entry | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/37071 | Vdb Entry |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://supportconnectw.ca.com/public/storage/infodocs/basb-secnotice.asp | 2021-04-09 |
URL | Date | SRC |
---|---|---|
http://secunia.com/advisories/27192 | 2021-04-09 | |
http://www.vupen.com/english/advisories/2007/3470 | 2021-04-09 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Broadcom Search vendor "Broadcom" | Brightstor Arcserve Backup Search vendor "Broadcom" for product "Brightstor Arcserve Backup" | 9.01 Search vendor "Broadcom" for product "Brightstor Arcserve Backup" and version "9.01" | - |
Affected
| ||||||
Broadcom Search vendor "Broadcom" | Brightstor Arcserve Backup Search vendor "Broadcom" for product "Brightstor Arcserve Backup" | 11.1 Search vendor "Broadcom" for product "Brightstor Arcserve Backup" and version "11.1" | - |
Affected
| ||||||
Broadcom Search vendor "Broadcom" | Brightstor Arcserve Backup Search vendor "Broadcom" for product "Brightstor Arcserve Backup" | 11.5 Search vendor "Broadcom" for product "Brightstor Arcserve Backup" and version "11.5" | - |
Affected
| ||||||
Broadcom Search vendor "Broadcom" | Brightstor Enterprise Backup Search vendor "Broadcom" for product "Brightstor Enterprise Backup" | 10.5 Search vendor "Broadcom" for product "Brightstor Enterprise Backup" and version "10.5" | - |
Affected
| ||||||
Broadcom Search vendor "Broadcom" | Business Protection Suite Search vendor "Broadcom" for product "Business Protection Suite" | 2.0 Search vendor "Broadcom" for product "Business Protection Suite" and version "2.0" | - |
Affected
| ||||||
Broadcom Search vendor "Broadcom" | Server Protection Suite Search vendor "Broadcom" for product "Server Protection Suite" | 2 Search vendor "Broadcom" for product "Server Protection Suite" and version "2" | - |
Affected
| ||||||
Ca Search vendor "Ca" | Brightstor Arcserve Backup Search vendor "Ca" for product "Brightstor Arcserve Backup" | 11 Search vendor "Ca" for product "Brightstor Arcserve Backup" and version "11" | windows |
Affected
| ||||||
Ca Search vendor "Ca" | Business Protection Suite Search vendor "Ca" for product "Business Protection Suite" | 2.0 Search vendor "Ca" for product "Business Protection Suite" and version "2.0" | microsoft_small_business_server_premium |
Affected
| ||||||
Ca Search vendor "Ca" | Business Protection Suite Search vendor "Ca" for product "Business Protection Suite" | 2.0 Search vendor "Ca" for product "Business Protection Suite" and version "2.0" | microsoft_small_business_server_standard |
Affected
|