CVE-2006-6917

Currently unrated

Key Information:

Vendor: Broadcom
Status: Brightstor Arcserve Backup Server
Vendor: CVE Published:; 31 December 2006

Summary

Multiple buffer overflows in Computer Associates (CA) BrightStor ARCserve Backup R11.5 Server before SP2 allows remote attackers to execute arbitrary code in the Tape Engine (tapeeng.exe) via a crafted RPC request with (1) opnum 38, which is not properly handled in TAPEUTIL.dll 11.5.3884.0, or (2) opnum 37, which is not properly handled in TAPEENG.dll 11.5.3884.0.

References

http://supportconnectw.ca.com/public/storage/infodocs/bas...

x_refsource_MISC

http://www.securityfocus.com/archive/1/454088/30/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www3.ca.com/securityadvisor/newsinfo/collateral.as...

x_refsource_CONFIRM

EPSS Score

90% chance of being exploited in the next 30 days.

Timeline

Vulnerability Reserved
Jan 11, 2007
Vulnerability published
Dec 31, 2006