CVE-2007-5003

Published: Oct 1, 2007Modified: Apr 23, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

Multiple stack-based buffer overflows in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 allow remote attackers to execute arbitrary code via a long (1) username or (2) password to the rxrLogin command in rxRPC.dll, or a long (3) username argument to the GetUserInfo function.

Affected (9)

Products: Broadcom: Brightstor Arcserve Backup Laptops Desktops, Desktop Management Suite · Ca: Protection Suites

2 products

Brightstor Arcserve Backup Laptops Desktops

Desktop Management Suite

1 product

Protection Suites

Configuration A

9 vulnerable

Vulnerable Software	Affected Versions
Broadcom Brightstor Arcserve Backup Laptops Desktops	Version 11.0
Broadcom Brightstor Arcserve Backup Laptops Desktops	Version 11.1
Broadcom Brightstor Arcserve Backup Laptops Desktops	Version 11.1 sp1
Broadcom Brightstor Arcserve Backup Laptops Desktops	Version 11.5
Broadcom Brightstor Arcserve Backup Laptops Desktops	Version 4.0
Broadcom Desktop Management Suite	Version 11.0
Broadcom Desktop Management Suite	Version 11.1
Broadcom Desktop Management Suite	Version 11.2
Ca Protection Suites	Version r2

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (18)

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=599

Source: cve@mitre.org

http://research.eeye.com/html/advisories/published/AD20070920.html

Source: cve@mitre.org

http://secunia.com/advisories/25606

Source: cve@mitre.org

Vendor Advisory

http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/caarcservebld-securitynotice.asp

Source: cve@mitre.org

Patch

http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=156006

Source: cve@mitre.org

Patch

http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35674

Source: cve@mitre.org

Patch

http://www.securityfocus.com/archive/1/480252/100/100/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/24348

Source: cve@mitre.org

http://www.securitytracker.com/id?1018728

Source: cve@mitre.org

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=599

Source: af854a3a-2127-422b-91ae-364da2661108

http://research.eeye.com/html/advisories/published/AD20070920.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/25606

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/caarcservebld-securitynotice.asp

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=156006

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35674

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.securityfocus.com/archive/1/480252/100/100/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/24348

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id?1018728

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.