CVE-2006-6917
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
7.5 High
AI Score
Confidence
Low
0.91 High
EPSS
Percentile
98.9%
Multiple buffer overflows in Computer Associates (CA) BrightStor ARCserve Backup R11.5 Server before SP2 allows remote attackers to execute arbitrary code in the Tape Engine (tapeeng.exe) via a crafted RPC request with (1) opnum 38, which is not properly handled in TAPEUTIL.dll 11.5.3884.0, or (2) opnum 37, which is not properly handled in TAPEENG.dll 11.5.3884.0.
Affected configurations
References
supportconnectw.ca.com/public/storage/infodocs/basbrtapeeng-secnotice.asp
www.lssec.com/advisories/LS-20060908.pdf
www.lssec.com/advisories/LS-20061001.pdf
www.securityfocus.com/archive/1/453930/30/390/threaded
www.securityfocus.com/archive/1/453933/30/420/threaded
www.securityfocus.com/archive/1/454088/30/0/threaded
www.securityfocus.com/archive/1/454094/30/360/threaded
www.securityfocus.com/archive/1/456428/100/0/threaded
www.securityfocus.com/archive/1/456711
www3.ca.com/securityadvisor/newsinfo/collateral.aspx?cid=97428
www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34959
www.exploit-db.com/exploits/3086
Related
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
7.5 High
AI Score
Confidence
Low
0.91 High
EPSS
Percentile
98.9%