CVE-2007-5327

critical

Description

Stack-based buffer overflow in the RPC interface for the Message Engine (mediasvr.exe) in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows remote attackers to execute arbitrary code via a long argument in the 0x10d opnum.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/37065

https://exchange.xforce.ibmcloud.com/vulnerabilities/37064

http://www.vupen.com/english/advisories/2007/3470

http://www.securitytracker.com/id?1018805

http://www.securityfocus.com/bid/26015

http://www.securityfocus.com/archive/1/482121/100/0/threaded

http://www.securityfocus.com/archive/1/482112/100/0/threaded

http://www.fortiguardcenter.com/advisory/FGA-2007-11.html

http://supportconnectw.ca.com/public/storage/infodocs/basb-secnotice.asp

http://securityreason.com/securityalert/3218

http://secunia.com/advisories/27192

http://ruder.cdut.net/blogview.asp?logID=231

Details

Source: Mitre, NVD

Published: 2007-10-13

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical