CVSS2: 9.3 High
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
CVSS2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS: 0.919 High
EPSS Percentile: 98.9%
Added: 11/28/2008
CVE: CVE-2007-5004
BID: 24348
OSVDB: 41352
BrightStor ARCserve Backup for Laptops and Desktops is an automated backup solution optimized for low-bandwidth, intermittent network connections.
An integer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted authentication password to the LGServer service.
Apply the appropriate update referenced in the CA Security Notice.
<http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35675>
<http://archives.neohapsis.com/archives/bugtraq/2007-09/0287.html>
Exploit works on CA ARCserve Backup for Laptops and Desktops 11.1 SP2.
This exploit does not work on Windows Server 2003 with DEP enabled.
Windows 2000
Windows Server 2003