CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2006-6917

Multiple buffer overflows in Computer Associates (CA) BrightStor ARCserve Backup R11.5 Server before SP2 allows remote attackers to execute arbitrary code in the Tape Engine (tapeeng.exe) via a crafted RPC request with (1) opnum 38, which is not properly handled in TAPEUTIL.dll 11.5.3884.0, or (2) opnum 37, which is not properly handled in TAPEENG.dll 11.5.3884.0.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.498

EPSS Ranking 97.7%

CVSS Severity

CVSS v2 Score 10.0

References

http://supportconnectw.ca.com/public/storage/infodocs/basbrtapeeng-secnotice.asp
http://www.lssec.com/advisories/LS-20060908.pdf
http://www.lssec.com/advisories/LS-20061001.pdf
http://www.securityfocus.com/archive/1/453930/30/390/threaded
http://www.securityfocus.com/archive/1/453933/30/420/threaded
http://www.securityfocus.com/archive/1/454088/30/0/threaded
http://www.securityfocus.com/archive/1/454094/30/360/threaded
http://www.securityfocus.com/archive/1/456428/100/0/threaded
http://www.securityfocus.com/archive/1/456711
http://www3.ca.com/securityadvisor/newsinfo/collateral.aspx?cid=97428
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34959
https://www.exploit-db.com/exploits/3086
http://supportconnectw.ca.com/public/storage/infodocs/basbrtapeeng-secnotice.asp
http://www.lssec.com/advisories/LS-20060908.pdf
http://www.lssec.com/advisories/LS-20061001.pdf
http://www.securityfocus.com/archive/1/453930/30/390/threaded
http://www.securityfocus.com/archive/1/453933/30/420/threaded
http://www.securityfocus.com/archive/1/454088/30/0/threaded
http://www.securityfocus.com/archive/1/454094/30/360/threaded
http://www.securityfocus.com/archive/1/456428/100/0/threaded
http://www.securityfocus.com/archive/1/456711
http://www3.ca.com/securityadvisor/newsinfo/collateral.aspx?cid=97428
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34959
https://www.exploit-db.com/exploits/3086

Products affected by CVE-2006-6917

Broadcom » Brightstor Arcserve Backup Server » Version: 11.5

cpe:2.3:a:broadcom:brightstor_arcserve_backup_server:11.5

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2006-6917

Products

Pricing

Contact Us