CVE-2007-5331

Published Oct 13, 2007

Last updated 4 years ago

CVSS info 10.0

Overview

Description: Queue.dll for the message queuing service (LQserver.exe) in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows remote attackers to execute arbitrary code via a malformed ONRPC protocol request for operation 0x76, which causes ARCserve Backup to dereference arbitrary pointers.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 10
Impact score: 10
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-94

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:9.01:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F52790F8-0D23-47F4-B7F7-6CB0F7B6EA14"
          },
          {
            "criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E37161BE-6AF5-40E0-BD63-2C17431D8B36"
          },
          {
            "criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "477EE032-D183-478F-A2BF-6165277A7414"
          },
          {
            "criteria": "cpe:2.3:a:broadcom:brightstor_enterprise_backup:10.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "78AA54EA-DAF1-4635-AA1B-E2E49C4BB597"
          },
          {
            "criteria": "cpe:2.3:a:broadcom:business_protection_suite:2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "328E1C42-488A-43FC-8DF2-758DC73B74AF"
          },
          {
            "criteria": "cpe:2.3:a:broadcom:server_protection_suite:2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A8781759-7B4C-47C3-8A60-8CA5520360C5"
          },
          {
            "criteria": "cpe:2.3:a:ca:brightstor_arcserve_backup:11:*:windows:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6E236148-4A57-4FDC-A072-A77D3DD2DB53"
          },
          {
            "criteria": "cpe:2.3:a:ca:business_protection_suite:2.0:*:microsoft_small_business_server_premium:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1366038C-7552-44C7-BB01-316AA0D088F9"
          },
          {
            "criteria": "cpe:2.3:a:ca:business_protection_suite:2.0:*:microsoft_small_business_server_standard:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D24EEBF9-8301-4E8E-8AE1-E41774EDEFD9"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References