Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.1
CVSSv2

CVE-2007-1785

Published: 31/03/2007 Updated: 07/04/2021
CVSS v2 Base Score: 7.1 | Impact Score: 10 | Exploitability Score: 3.9
VMScore: 715
Vector: AV:N/AC:H/Au:S/C:C/I:C/A:C
Subscribe to Ca

Vulnerability Summary

The RPC service in mediasvr.exe in CA BrightStor ARCserve Backup 11.5 SP2 build 4237 allows remote malicious users to execute arbitrary code via crafted xdr_handle_t data in RPC packets, which is used in calculating an address for a function call, as demonstrated using the 191 (0xbf) RPC request.

Vulnerable Product Search on Vulmon Subscribe to Product

ca brightstor arcserve backup 11

broadcom brightstor arcserve backup 9.01

broadcom brightstor arcserve backup 11.5

broadcom brightstor arcserve backup 11.1

Exploits

Exploit DB: CA BrightStor Backup 11.5.2.0 - 'Mediasvr.exe' Remote Code
#!/usr/bin/python # # Computer Associates (CA) Brightstor Backup Mediasvrexe Remote Code Exploit # (Previously Unknown) # # There seems to be an design error in the handling of RPC data with xdr procedures # across several dll's imported by Mediasvrexe Four bytes from an RPC packet are # processed as a particular address (xdr_handle_t data whic ...

Github Repositories

https://github.com/shirkdog/exploits

Exploit code

Exploits and Shellcode Exploit code by year/CVE 2006/CVE-2006-4868/vmlDoShtml 2007/CVE-2007-0816/catirpcdosrb 2007/CVE-2007-1785/camediasvrremotepy 2007/CVE-2007-2772/caloggerdospy 2007/CVE-2007-2772/camediasvrdospy Shellcode (by OS)

References

NVD-CWE-Otherhttp://www.shirkdog.us/camediasvrremote.pyhttp://www.shirkdog.us/shk-004.htmlhttp://www.securityfocus.com/bid/23209http://secunia.com/advisories/24682http://www.kb.cert.org/vuls/id/151305http://www.securitytracker.com/id?1017830http://supportconnectw.ca.com/public/storage/infodocs/babmedser-secnotice.asphttp://securityreason.com/securityalert/2509http://www.vupen.com/english/advisories/2007/1161http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0467.htmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/33316http://www.securityfocus.com/archive/1/464343/100/0/threadedhttp://www.securityfocus.com/archive/1/464270/100/0/threadedhttps://nvd.nist.govhttps://github.com/shirkdog/exploitshttps://www.exploit-db.com/exploits/3604/https://www.kb.cert.org/vuls/id/151305
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322administrator privilegesCVE-2024-1579hardcodedCVE-2023-20198CVE-2024-33587CVE-2024-33449CVE-2024-4308HTML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook