CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS Percentile: 99.4%
Added: 01/24/2007
CVE: CVE-2007-0169
BID: 22005
OSVDB: 31318
The BrightStor ARCserve Backup server runs the Message Engine RPC service on ports 6503/TCP and 6504/TCP by default.
A buffer overflow in BrightStor ARCserve Backup allows remote attackers to execute arbitrary commands by sending a specially crafted request with opnum 0x75 to the Message Engine RPC service.
Apply the patch referenced in the Security Notice.
<http://www.zerodayinitiative.com/advisories/ZDI-07-003.html>
<http://www.kb.cert.org/vuls/id/180336>
Exploit works on BrightStor ARCserve Backup r11.5 SP2.
Windows 2000
Windows Server 2003