cvelistv5 - CVE-2007-1785

CVE-2007-1785 (GCVE-0-2007-1785)

Vulnerability from cvelistv5 – Published: 2007-03-31 01:00 – Updated: 2024-08-07 13:06

Summary

The RPC service in mediasvr.exe in CA BrightStor ARCserve Backup 11.5 SP2 build 4237 allows remote attackers to execute arbitrary code via crafted xdr_handle_t data in RPC packets, which is used in calculating an address for a function call, as demonstrated using the 191 (0xbf) RPC request.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.securitytracker.com/id?1017830	vdb-entryx_refsource_SECTRACK
	http://www.shirkdog.us/shk-004.html	x_refsource_MISC
	http://archives.neohapsis.com/archives/fulldisclo…	mailing-listx_refsource_FULLDISC
	http://supportconnectw.ca.com/public/storage/info…	x_refsource_CONFIRM
	http://www.shirkdog.us/camediasvrremote.py	x_refsource_MISC
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://secunia.com/advisories/24682	third-party-advisoryx_refsource_SECUNIA
	http://www.kb.cert.org/vuls/id/151305	third-party-advisoryx_refsource_CERT-VN
	http://www.securityfocus.com/bid/23209	vdb-entryx_refsource_BID
	http://securityreason.com/securityalert/2509	third-party-advisoryx_refsource_SREASON
	http://www.securityfocus.com/archive/1/464343/100…	mailing-listx_refsource_BUGTRAQ
	http://www.securityfocus.com/archive/1/464270/100…	mailing-listx_refsource_BUGTRAQ
	http://www.vupen.com/english/advisories/2007/1161	vdb-entryx_refsource_VUPEN

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T13:06:26.435Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1017830",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1017830"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.shirkdog.us/shk-004.html"
          },
          {
            "name": "20070329 CA Brightstor Backup Mediasvr.exe Remote Code Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0467.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://supportconnectw.ca.com/public/storage/infodocs/babmedser-secnotice.asp"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.shirkdog.us/camediasvrremote.py"
          },
          {
            "name": "brightstor-mediasvr-bo(33316)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33316"
          },
          {
            "name": "24682",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24682"
          },
          {
            "name": "VU#151305",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/151305"
          },
          {
            "name": "23209",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/23209"
          },
          {
            "name": "2509",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/2509"
          },
          {
            "name": "20070331 CA BrightStor ARCserve Backup Mediasvr.exe vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/464343/100/0/threaded"
          },
          {
            "name": "20070330 CA Brightstor Backup Mediasvr.exe Remote Code Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/464270/100/0/threaded"
          },
          {
            "name": "ADV-2007-1161",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/1161"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-03-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The RPC service in mediasvr.exe in CA BrightStor ARCserve Backup 11.5 SP2 build 4237 allows remote attackers to execute arbitrary code via crafted xdr_handle_t data in RPC packets, which is used in calculating an address for a function call, as demonstrated using the 191 (0xbf) RPC request."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1017830",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1017830"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.shirkdog.us/shk-004.html"
        },
        {
          "name": "20070329 CA Brightstor Backup Mediasvr.exe Remote Code Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0467.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://supportconnectw.ca.com/public/storage/infodocs/babmedser-secnotice.asp"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.shirkdog.us/camediasvrremote.py"
        },
        {
          "name": "brightstor-mediasvr-bo(33316)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33316"
        },
        {
          "name": "24682",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24682"
        },
        {
          "name": "VU#151305",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/151305"
        },
        {
          "name": "23209",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/23209"
        },
        {
          "name": "2509",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/2509"
        },
        {
          "name": "20070331 CA BrightStor ARCserve Backup Mediasvr.exe vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/464343/100/0/threaded"
        },
        {
          "name": "20070330 CA Brightstor Backup Mediasvr.exe Remote Code Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/464270/100/0/threaded"
        },
        {
          "name": "ADV-2007-1161",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/1161"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-1785",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The RPC service in mediasvr.exe in CA BrightStor ARCserve Backup 11.5 SP2 build 4237 allows remote attackers to execute arbitrary code via crafted xdr_handle_t data in RPC packets, which is used in calculating an address for a function call, as demonstrated using the 191 (0xbf) RPC request."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1017830",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1017830"
            },
            {
              "name": "http://www.shirkdog.us/shk-004.html",
              "refsource": "MISC",
              "url": "http://www.shirkdog.us/shk-004.html"
            },
            {
              "name": "20070329 CA Brightstor Backup Mediasvr.exe Remote Code Vulnerability",
              "refsource": "FULLDISC",
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0467.html"
            },
            {
              "name": "http://supportconnectw.ca.com/public/storage/infodocs/babmedser-secnotice.asp",
              "refsource": "CONFIRM",
              "url": "http://supportconnectw.ca.com/public/storage/infodocs/babmedser-secnotice.asp"
            },
            {
              "name": "http://www.shirkdog.us/camediasvrremote.py",
              "refsource": "MISC",
              "url": "http://www.shirkdog.us/camediasvrremote.py"
            },
            {
              "name": "brightstor-mediasvr-bo(33316)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33316"
            },
            {
              "name": "24682",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24682"
            },
            {
              "name": "VU#151305",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/151305"
            },
            {
              "name": "23209",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/23209"
            },
            {
              "name": "2509",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/2509"
            },
            {
              "name": "20070331 CA BrightStor ARCserve Backup Mediasvr.exe vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/464343/100/0/threaded"
            },
            {
              "name": "20070330 CA Brightstor Backup Mediasvr.exe Remote Code Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/464270/100/0/threaded"
            },
            {
              "name": "ADV-2007-1161",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/1161"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-1785",
    "datePublished": "2007-03-31T01:00:00",
    "dateReserved": "2007-03-30T00:00:00",
    "dateUpdated": "2024-08-07T13:06:26.435Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:broadcom:brightstor_arcserve_backup:9.01:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F52790F8-0D23-47F4-B7F7-6CB0F7B6EA14\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E37161BE-6AF5-40E0-BD63-2C17431D8B36\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"477EE032-D183-478F-A2BF-6165277A7414\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.5:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"4305BA3B-B302-48EA-A923-EEC762DA42ED\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.5:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"C689BA77-8B88-4742-9AF1-567E12B92E17\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ca:brightstor_arcserve_backup:11:*:windows:*:*:*:*:*\", \"matchCriteriaId\": \"6E236148-4A57-4FDC-A072-A77D3DD2DB53\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The RPC service in mediasvr.exe in CA BrightStor ARCserve Backup 11.5 SP2 build 4237 allows remote attackers to execute arbitrary code via crafted xdr_handle_t data in RPC packets, which is used in calculating an address for a function call, as demonstrated using the 191 (0xbf) RPC request.\"}, {\"lang\": \"es\", \"value\": \"El servicio RPC en mediasvr.exe en CA BrightStor ARCserve Backup 11.5 SP2 construcci\\u00f3n 4237 permite a atacantes remotos ejecutar c\\u00f3digo de su elecci\\u00f3n a trav\\u00e9s de datos xdr_handle_t manipulados en paquetes RPC, el cual es utilizado en el c\\u00e1lculo de la direcci\\u00f3n para una funci\\u00f3n de llamada, como se demostr\\u00f3 utilizando la respuesta RPC 191 (0xbf).\"}]",
      "id": "CVE-2007-1785",
      "lastModified": "2024-11-21T00:29:09.237",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:H/Au:S/C:C/I:C/A:C\", \"baseScore\": 7.1, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"HIGH\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 3.9, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": true, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2007-03-31T01:19:00.000",
      "references": "[{\"url\": \"http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0467.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/24682\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securityreason.com/securityalert/2509\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://supportconnectw.ca.com/public/storage/infodocs/babmedser-secnotice.asp\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/151305\", \"source\": \"cve@mitre.org\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/464270/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/464343/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/23209\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id?1017830\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.shirkdog.us/camediasvrremote.py\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.shirkdog.us/shk-004.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/1161\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/33316\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0467.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/24682\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securityreason.com/securityalert/2509\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://supportconnectw.ca.com/public/storage/infodocs/babmedser-secnotice.asp\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/151305\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/464270/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/464343/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/23209\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1017830\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.shirkdog.us/camediasvrremote.py\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.shirkdog.us/shk-004.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/1161\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/33316\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-1785\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-03-31T01:19:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The RPC service in mediasvr.exe in CA BrightStor ARCserve Backup 11.5 SP2 build 4237 allows remote attackers to execute arbitrary code via crafted xdr_handle_t data in RPC packets, which is used in calculating an address for a function call, as demonstrated using the 191 (0xbf) RPC request.\"},{\"lang\":\"es\",\"value\":\"El servicio RPC en mediasvr.exe en CA BrightStor ARCserve Backup 11.5 SP2 construcci\u00f3n 4237 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de datos xdr_handle_t manipulados en paquetes RPC, el cual es utilizado en el c\u00e1lculo de la direcci\u00f3n para una funci\u00f3n de llamada, como se demostr\u00f3 utilizando la respuesta RPC 191 (0xbf).\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:S/C:C/I:C/A:C\",\"baseScore\":7.1,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:brightstor_arcserve_backup:9.01:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F52790F8-0D23-47F4-B7F7-6CB0F7B6EA14\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E37161BE-6AF5-40E0-BD63-2C17431D8B36\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"477EE032-D183-478F-A2BF-6165277A7414\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.5:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"4305BA3B-B302-48EA-A923-EEC762DA42ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.5:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"C689BA77-8B88-4742-9AF1-567E12B92E17\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ca:brightstor_arcserve_backup:11:*:windows:*:*:*:*:*\",\"matchCriteriaId\":\"6E236148-4A57-4FDC-A072-A77D3DD2DB53\"}]}]}],\"references\":[{\"url\":\"http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0467.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/24682\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/2509\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://supportconnectw.ca.com/public/storage/infodocs/babmedser-secnotice.asp\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.kb.cert.org/vuls/id/151305\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/archive/1/464270/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/464343/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/23209\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1017830\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.shirkdog.us/camediasvrremote.py\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.shirkdog.us/shk-004.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/1161\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/33316\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0467.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/24682\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/2509\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://supportconnectw.ca.com/public/storage/infodocs/babmedser-secnotice.asp\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.kb.cert.org/vuls/id/151305\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/archive/1/464270/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/464343/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/23209\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1017830\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.shirkdog.us/camediasvrremote.py\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.shirkdog.us/shk-004.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/1161\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/33316\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

FKIE_CVE-2007-1785

Vulnerability from fkie_nvd - Published: 2007-03-31 01:19 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0467.html
cve@mitre.org	http://secunia.com/advisories/24682	Vendor Advisory
cve@mitre.org	http://securityreason.com/securityalert/2509
cve@mitre.org	http://supportconnectw.ca.com/public/storage/infodocs/babmedser-secnotice.asp
cve@mitre.org	http://www.kb.cert.org/vuls/id/151305	US Government Resource
cve@mitre.org	http://www.securityfocus.com/archive/1/464270/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/464343/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/23209
cve@mitre.org	http://www.securitytracker.com/id?1017830
cve@mitre.org	http://www.shirkdog.us/camediasvrremote.py
cve@mitre.org	http://www.shirkdog.us/shk-004.html
cve@mitre.org	http://www.vupen.com/english/advisories/2007/1161
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/33316
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0467.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/24682	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/2509
af854a3a-2127-422b-91ae-364da2661108	http://supportconnectw.ca.com/public/storage/infodocs/babmedser-secnotice.asp
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/151305	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/464270/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/464343/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/23209
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1017830
af854a3a-2127-422b-91ae-364da2661108	http://www.shirkdog.us/camediasvrremote.py
af854a3a-2127-422b-91ae-364da2661108	http://www.shirkdog.us/shk-004.html
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/1161
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/33316

Impacted products

Vendor	Product	Version
broadcom	brightstor_arcserve_backup	9.01
broadcom	brightstor_arcserve_backup	11.1
broadcom	brightstor_arcserve_backup	11.5
broadcom	brightstor_arcserve_backup	11.5
broadcom	brightstor_arcserve_backup	11.5
ca	brightstor_arcserve_backup	11

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:9.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "F52790F8-0D23-47F4-B7F7-6CB0F7B6EA14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E37161BE-6AF5-40E0-BD63-2C17431D8B36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "477EE032-D183-478F-A2BF-6165277A7414",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.5:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "4305BA3B-B302-48EA-A923-EEC762DA42ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.5:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "C689BA77-8B88-4742-9AF1-567E12B92E17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:brightstor_arcserve_backup:11:*:windows:*:*:*:*:*",
              "matchCriteriaId": "6E236148-4A57-4FDC-A072-A77D3DD2DB53",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The RPC service in mediasvr.exe in CA BrightStor ARCserve Backup 11.5 SP2 build 4237 allows remote attackers to execute arbitrary code via crafted xdr_handle_t data in RPC packets, which is used in calculating an address for a function call, as demonstrated using the 191 (0xbf) RPC request."
    },
    {
      "lang": "es",
      "value": "El servicio RPC en mediasvr.exe en CA BrightStor ARCserve Backup 11.5 SP2 construcci\u00f3n 4237 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de datos xdr_handle_t manipulados en paquetes RPC, el cual es utilizado en el c\u00e1lculo de la direcci\u00f3n para una funci\u00f3n de llamada, como se demostr\u00f3 utilizando la respuesta RPC 191 (0xbf)."
    }
  ],
  "id": "CVE-2007-1785",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.1,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:H/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-03-31T01:19:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0467.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24682"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/2509"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://supportconnectw.ca.com/public/storage/infodocs/babmedser-secnotice.asp"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/151305"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/464270/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/464343/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/23209"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1017830"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.shirkdog.us/camediasvrremote.py"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.shirkdog.us/shk-004.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/1161"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33316"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0467.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24682"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/2509"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://supportconnectw.ca.com/public/storage/infodocs/babmedser-secnotice.asp"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/151305"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/464270/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/464343/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/23209"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1017830"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.shirkdog.us/camediasvrremote.py"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.shirkdog.us/shk-004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/1161"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33316"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTA-2007-ALE-009

Vulnerability from certfr_alerte - Published: - Updated:

Une vulnérabilité dans BrightStor ARCServe Backup permettrait à un utilisateur distant d'exécuter du code arbitraire sur la machine vulnérable.

Description

Un manque de contrôle des requêtes RPC (Remote Procedure Call) passées au composant mediasvr.exe de BrightStor ARCServe Backup permettrait à un utilisateur distant mais provenant du même réseau d'exécuter du code arbitraire par le biais d'une requête RPC construite de façon particulière. Il existe une preuve de faisabilité mettant en œuvre cette vulnérabilité sur l'Internet.

Cette vulnérabilité a été corrigée et a fait l'objet de l'avis CERTA-2007-AVI-188.

Contournement provisoire

Dans la mesure où cette vulnérabilité offre à l'attaquant la possibilité de contrôler la machine à distance, il convient de :

ne pas rendre accessible depuis l'Internet la machine mettant en œuvre BrightStor ARCServe Backup ;
restreindre l'accès au service mediasvr.exe aux seules machines autorisées à dialoguer via RPC avec lui.

Solution

Se référer au bulletin de sécurité de l'éditeur (voir Documentation).

BrightStor ARCServe Backup versions 11.5 SP2 build 4237 et antérieures.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Computer Associates du 24 avril 2007	None	vendor-advisory
Bulletin de sécurité Secunia SA24682 du 30 mars 2007	None	vendor-advisory
Avis CERTA-2007-AVI-188 du 25 avril 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cTT\u003eBrightStor ARCServe Backup\u003c/TT\u003e  versions \u003cTT\u003e11.5 SP2 build 4237\u003c/TT\u003e et ant\u00e9rieures.",
  "closed_at": "2007-04-27",
  "content": "## Description\n\nUn manque de contr\u00f4le des requ\u00eates RPC (Remote Procedure Call) pass\u00e9es\nau composant mediasvr.exe de BrightStor ARCServe Backup permettrait \u00e0 un\nutilisateur distant mais provenant du m\u00eame r\u00e9seau d\u0027ex\u00e9cuter du code\narbitraire par le biais d\u0027une requ\u00eate RPC construite de fa\u00e7on\nparticuli\u00e8re. Il existe une preuve de faisabilit\u00e9 mettant en \u0153uvre cette\nvuln\u00e9rabilit\u00e9 sur l\u0027Internet.\n\nCette vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e et a fait l\u0027objet de l\u0027avis\nCERTA-2007-AVI-188.\n\n## Contournement provisoire\n\nDans la mesure o\u00f9 cette vuln\u00e9rabilit\u00e9 offre \u00e0 l\u0027attaquant la possibilit\u00e9\nde contr\u00f4ler la machine \u00e0 distance, il convient de :\n\n-   ne pas rendre accessible depuis l\u0027Internet la machine mettant en\n    \u0153uvre BrightStor ARCServe Backup ;\n-   restreindre l\u0027acc\u00e8s au service mediasvr.exe aux seules machines\n    autoris\u00e9es \u00e0 dialoguer via RPC avec lui.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur (voir Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-1785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1785"
    },
    {
      "name": "CVE-2007-2139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2139"
    }
  ],
  "links": [
    {
      "title": "Avis CERTA-2007-AVI-188 du 25 avril 2007 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2007-AVI-188/"
    }
  ],
  "reference": "CERTA-2007-ALE-009",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-03-30T00:00:00.000000"
    },
    {
      "description": "ajout de la section Solution, des r\u00e9f\u00e9rences au bulletin de s\u00e9curit\u00e9 Computer Associates et des entr\u00e9es CVE.",
      "revision_date": "2007-04-27T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans BrightStor ARCServe Backup permettrait \u00e0 un\nutilisateur distant d\u0027ex\u00e9cuter du code arbitraire sur la machine\nvuln\u00e9rable.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans BrightStor ARCServe Backup",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Computer Associates du 24 avril 2007",
      "url": "http://supportconnectw.ca.com/public/storage/infodocs/babmedser-secnotice.asp"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Secunia SA24682 du 30 mars 2007",
      "url": "http://www.secunia.com/advisories/24682"
    }
  ]
}

CERTA-2007-ALE-009

Vulnerability from certfr_alerte - Published: - Updated:

Une vulnérabilité dans BrightStor ARCServe Backup permettrait à un utilisateur distant d'exécuter du code arbitraire sur la machine vulnérable.

Description

Cette vulnérabilité a été corrigée et a fait l'objet de l'avis CERTA-2007-AVI-188.

Contournement provisoire

Dans la mesure où cette vulnérabilité offre à l'attaquant la possibilité de contrôler la machine à distance, il convient de :

ne pas rendre accessible depuis l'Internet la machine mettant en œuvre BrightStor ARCServe Backup ;
restreindre l'accès au service mediasvr.exe aux seules machines autorisées à dialoguer via RPC avec lui.

Solution

Se référer au bulletin de sécurité de l'éditeur (voir Documentation).

BrightStor ARCServe Backup versions 11.5 SP2 build 4237 et antérieures.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Computer Associates du 24 avril 2007	None	vendor-advisory
Bulletin de sécurité Secunia SA24682 du 30 mars 2007	None	vendor-advisory
Avis CERTA-2007-AVI-188 du 25 avril 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cTT\u003eBrightStor ARCServe Backup\u003c/TT\u003e  versions \u003cTT\u003e11.5 SP2 build 4237\u003c/TT\u003e et ant\u00e9rieures.",
  "closed_at": "2007-04-27",
  "content": "## Description\n\nUn manque de contr\u00f4le des requ\u00eates RPC (Remote Procedure Call) pass\u00e9es\nau composant mediasvr.exe de BrightStor ARCServe Backup permettrait \u00e0 un\nutilisateur distant mais provenant du m\u00eame r\u00e9seau d\u0027ex\u00e9cuter du code\narbitraire par le biais d\u0027une requ\u00eate RPC construite de fa\u00e7on\nparticuli\u00e8re. Il existe une preuve de faisabilit\u00e9 mettant en \u0153uvre cette\nvuln\u00e9rabilit\u00e9 sur l\u0027Internet.\n\nCette vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e et a fait l\u0027objet de l\u0027avis\nCERTA-2007-AVI-188.\n\n## Contournement provisoire\n\nDans la mesure o\u00f9 cette vuln\u00e9rabilit\u00e9 offre \u00e0 l\u0027attaquant la possibilit\u00e9\nde contr\u00f4ler la machine \u00e0 distance, il convient de :\n\n-   ne pas rendre accessible depuis l\u0027Internet la machine mettant en\n    \u0153uvre BrightStor ARCServe Backup ;\n-   restreindre l\u0027acc\u00e8s au service mediasvr.exe aux seules machines\n    autoris\u00e9es \u00e0 dialoguer via RPC avec lui.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur (voir Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-1785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1785"
    },
    {
      "name": "CVE-2007-2139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2139"
    }
  ],
  "links": [
    {
      "title": "Avis CERTA-2007-AVI-188 du 25 avril 2007 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2007-AVI-188/"
    }
  ],
  "reference": "CERTA-2007-ALE-009",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-03-30T00:00:00.000000"
    },
    {
      "description": "ajout de la section Solution, des r\u00e9f\u00e9rences au bulletin de s\u00e9curit\u00e9 Computer Associates et des entr\u00e9es CVE.",
      "revision_date": "2007-04-27T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans BrightStor ARCServe Backup permettrait \u00e0 un\nutilisateur distant d\u0027ex\u00e9cuter du code arbitraire sur la machine\nvuln\u00e9rable.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans BrightStor ARCServe Backup",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Computer Associates du 24 avril 2007",
      "url": "http://supportconnectw.ca.com/public/storage/infodocs/babmedser-secnotice.asp"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Secunia SA24682 du 30 mars 2007",
      "url": "http://www.secunia.com/advisories/24682"
    }
  ]
}

CERTA-2007-AVI-188

Vulnerability from certfr_avis - Published: - Updated:

Deux vulnérabilités dans BrightStor ARCserve Backup permettent l'exécution de code arbitraire à distance.

Description

Deux vulnérabilités ont été découvertes dans BrightStor ARCserve Backup. Elles affectent le service RPC du fichier mediasvr.exe. Un utilisateur malintentionné peut, par le biais de paquets RPC spécifiquement conçus, exécuter du code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	BrightStor ARCserve Backup v9.01 ;
Cisco	N/A	CA Server Protection Suite r2 ;
Cisco	N/A	BrightStor Enterprise Backup r10.5 ;
Cisco	Small Business	CA Business Protection Suite for Microsoft Small Business Server Standard Edition r2 ;
N/A	N/A	BrightStor ARCserve Backup r11.5 ;
Microsoft	Windows	BrightStor ARCserve Backup r11 for Windows ;
Cisco	Small Business	CA Business Protection Suite for Microsoft Small Business Server Premium Edition r2.
N/A	N/A	BrightStor ARCserve Backup r11.1 ;
Cisco	N/A	CA Business Protection Suite r2 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Computer Associates du 24 avril 2007	None	vendor-advisory
Bulletin de sécurité ZDI-07-022 du 24 avril 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "BrightStor ARCserve Backup v9.01 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "CA Server Protection Suite r2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "BrightStor Enterprise Backup r10.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "CA Business Protection Suite for Microsoft Small Business Server Standard Edition r2 ;",
      "product": {
        "name": "Small Business",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "BrightStor ARCserve Backup r11.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "BrightStor ARCserve Backup r11 for Windows ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "CA Business Protection Suite for Microsoft Small Business Server Premium Edition r2.",
      "product": {
        "name": "Small Business",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "BrightStor ARCserve Backup r11.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "CA Business Protection Suite r2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDeux vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans BrightStor ARCserve Backup.\nElles affectent le service RPC du fichier mediasvr.exe. Un utilisateur\nmalintentionn\u00e9 peut, par le biais de paquets RPC sp\u00e9cifiquement con\u00e7us,\nex\u00e9cuter du code arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-2139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2139"
    },
    {
      "name": "CVE-2007-1785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1785"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 ZDI-07-022 du 24 avril 2007 :",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-022.html"
    }
  ],
  "reference": "CERTA-2007-AVI-188",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-04-25T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Deux vuln\u00e9rabilit\u00e9s dans \u003cspan class=\"textit\"\u003eBrightStor ARCserve\nBackup\u003c/span\u003e permettent l\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans BrightStor ARCserve Backup Media Server",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Computer Associates du 24 avril 2007",
      "url": "http://supportconnectw.ca.com/public/storage/infodocs/babmedser-secnotice.asp"
    }
  ]
}

CERTA-2007-AVI-188

Vulnerability from certfr_avis - Published: - Updated:

Deux vulnérabilités dans BrightStor ARCserve Backup permettent l'exécution de code arbitraire à distance.

Description

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	BrightStor ARCserve Backup v9.01 ;
Cisco	N/A	CA Server Protection Suite r2 ;
Cisco	N/A	BrightStor Enterprise Backup r10.5 ;
Cisco	Small Business	CA Business Protection Suite for Microsoft Small Business Server Standard Edition r2 ;
N/A	N/A	BrightStor ARCserve Backup r11.5 ;
Microsoft	Windows	BrightStor ARCserve Backup r11 for Windows ;
Cisco	Small Business	CA Business Protection Suite for Microsoft Small Business Server Premium Edition r2.
N/A	N/A	BrightStor ARCserve Backup r11.1 ;
Cisco	N/A	CA Business Protection Suite r2 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Computer Associates du 24 avril 2007	None	vendor-advisory
Bulletin de sécurité ZDI-07-022 du 24 avril 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "BrightStor ARCserve Backup v9.01 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "CA Server Protection Suite r2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "BrightStor Enterprise Backup r10.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "CA Business Protection Suite for Microsoft Small Business Server Standard Edition r2 ;",
      "product": {
        "name": "Small Business",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "BrightStor ARCserve Backup r11.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "BrightStor ARCserve Backup r11 for Windows ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "CA Business Protection Suite for Microsoft Small Business Server Premium Edition r2.",
      "product": {
        "name": "Small Business",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "BrightStor ARCserve Backup r11.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "CA Business Protection Suite r2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDeux vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans BrightStor ARCserve Backup.\nElles affectent le service RPC du fichier mediasvr.exe. Un utilisateur\nmalintentionn\u00e9 peut, par le biais de paquets RPC sp\u00e9cifiquement con\u00e7us,\nex\u00e9cuter du code arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-2139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2139"
    },
    {
      "name": "CVE-2007-1785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1785"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 ZDI-07-022 du 24 avril 2007 :",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-022.html"
    }
  ],
  "reference": "CERTA-2007-AVI-188",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-04-25T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Deux vuln\u00e9rabilit\u00e9s dans \u003cspan class=\"textit\"\u003eBrightStor ARCserve\nBackup\u003c/span\u003e permettent l\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans BrightStor ARCserve Backup Media Server",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Computer Associates du 24 avril 2007",
      "url": "http://supportconnectw.ca.com/public/storage/infodocs/babmedser-secnotice.asp"
    }
  ]
}

GHSA-RHR3-8QXQ-X4QM

Vulnerability from github – Published: 2022-05-01 17:57 – Updated: 2022-05-01 17:57

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-1785"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-03-31T01:19:00Z",
    "severity": "HIGH"
  },
  "details": "The RPC service in mediasvr.exe in CA BrightStor ARCserve Backup 11.5 SP2 build 4237 allows remote attackers to execute arbitrary code via crafted xdr_handle_t data in RPC packets, which is used in calculating an address for a function call, as demonstrated using the 191 (0xbf) RPC request.",
  "id": "GHSA-rhr3-8qxq-x4qm",
  "modified": "2022-05-01T17:57:03Z",
  "published": "2022-05-01T17:57:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1785"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33316"
    },
    {
      "type": "WEB",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0467.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/24682"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/2509"
    },
    {
      "type": "WEB",
      "url": "http://supportconnectw.ca.com/public/storage/infodocs/babmedser-secnotice.asp"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/151305"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/464270/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/464343/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/23209"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1017830"
    },
    {
      "type": "WEB",
      "url": "http://www.shirkdog.us/camediasvrremote.py"
    },
    {
      "type": "WEB",
      "url": "http://www.shirkdog.us/shk-004.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/1161"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2007-1785

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2007-1785

Aliases

CVE-2007-1785

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-1785",
    "description": "The RPC service in mediasvr.exe in CA BrightStor ARCserve Backup 11.5 SP2 build 4237 allows remote attackers to execute arbitrary code via crafted xdr_handle_t data in RPC packets, which is used in calculating an address for a function call, as demonstrated using the 191 (0xbf) RPC request.",
    "id": "GSD-2007-1785"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-1785"
      ],
      "details": "The RPC service in mediasvr.exe in CA BrightStor ARCserve Backup 11.5 SP2 build 4237 allows remote attackers to execute arbitrary code via crafted xdr_handle_t data in RPC packets, which is used in calculating an address for a function call, as demonstrated using the 191 (0xbf) RPC request.",
      "id": "GSD-2007-1785",
      "modified": "2023-12-13T01:21:39.606260Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-1785",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The RPC service in mediasvr.exe in CA BrightStor ARCserve Backup 11.5 SP2 build 4237 allows remote attackers to execute arbitrary code via crafted xdr_handle_t data in RPC packets, which is used in calculating an address for a function call, as demonstrated using the 191 (0xbf) RPC request."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1017830",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1017830"
          },
          {
            "name": "http://www.shirkdog.us/shk-004.html",
            "refsource": "MISC",
            "url": "http://www.shirkdog.us/shk-004.html"
          },
          {
            "name": "20070329 CA Brightstor Backup Mediasvr.exe Remote Code Vulnerability",
            "refsource": "FULLDISC",
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0467.html"
          },
          {
            "name": "http://supportconnectw.ca.com/public/storage/infodocs/babmedser-secnotice.asp",
            "refsource": "CONFIRM",
            "url": "http://supportconnectw.ca.com/public/storage/infodocs/babmedser-secnotice.asp"
          },
          {
            "name": "http://www.shirkdog.us/camediasvrremote.py",
            "refsource": "MISC",
            "url": "http://www.shirkdog.us/camediasvrremote.py"
          },
          {
            "name": "brightstor-mediasvr-bo(33316)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33316"
          },
          {
            "name": "24682",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/24682"
          },
          {
            "name": "VU#151305",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/151305"
          },
          {
            "name": "23209",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/23209"
          },
          {
            "name": "2509",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/2509"
          },
          {
            "name": "20070331 CA BrightStor ARCserve Backup Mediasvr.exe vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/464343/100/0/threaded"
          },
          {
            "name": "20070330 CA Brightstor Backup Mediasvr.exe Remote Code Vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/464270/100/0/threaded"
          },
          {
            "name": "ADV-2007-1161",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/1161"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ca:brightstor_arcserve_backup:11:*:windows:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:9.01:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.5:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.5:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-1785"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The RPC service in mediasvr.exe in CA BrightStor ARCserve Backup 11.5 SP2 build 4237 allows remote attackers to execute arbitrary code via crafted xdr_handle_t data in RPC packets, which is used in calculating an address for a function call, as demonstrated using the 191 (0xbf) RPC request."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.shirkdog.us/camediasvrremote.py",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.shirkdog.us/camediasvrremote.py"
            },
            {
              "name": "http://www.shirkdog.us/shk-004.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.shirkdog.us/shk-004.html"
            },
            {
              "name": "23209",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/23209"
            },
            {
              "name": "24682",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/24682"
            },
            {
              "name": "VU#151305",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/151305"
            },
            {
              "name": "1017830",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1017830"
            },
            {
              "name": "http://supportconnectw.ca.com/public/storage/infodocs/babmedser-secnotice.asp",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://supportconnectw.ca.com/public/storage/infodocs/babmedser-secnotice.asp"
            },
            {
              "name": "2509",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/2509"
            },
            {
              "name": "ADV-2007-1161",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/1161"
            },
            {
              "name": "20070329 CA Brightstor Backup Mediasvr.exe Remote Code Vulnerability",
              "refsource": "FULLDISC",
              "tags": [],
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0467.html"
            },
            {
              "name": "brightstor-mediasvr-bo(33316)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33316"
            },
            {
              "name": "20070331 CA BrightStor ARCserve Backup Mediasvr.exe vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/464343/100/0/threaded"
            },
            {
              "name": "20070330 CA Brightstor Backup Mediasvr.exe Remote Code Vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/464270/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.1,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:H/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2021-04-07T18:14Z",
      "publishedDate": "2007-03-31T01:19Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-1785 (GCVE-0-2007-1785)

FKIE_CVE-2007-1785

CERTA-2007-ALE-009

Description

Contournement provisoire

Solution

CERTA-2007-ALE-009

Description

Contournement provisoire

Solution

CERTA-2007-AVI-188

Description

Solution

CERTA-2007-AVI-188

Description

Solution

GHSA-RHR3-8QXQ-X4QM

GSD-2007-1785

Tags

Sightings

Nomenclature