CVE-2005-1272

BrightStor ARCserve Backup Agent for SQL Server 11.0 - Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2005-1272. PoCs published by Metasploit, cybertronic, hdm, including Metasploit module exploits/windows/brightstor/sql_agent.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in CA BrightStor Agent for Microsoft SQL Server. It sends a maliciously crafted buffer to trigger the overflow and execute arbitrary code via a return address overwrite and jump to shellcode.

Description

Stack-based buffer overflow in the Backup Agent for Microsoft SQL Server in BrightStor ARCserve Backup Agent for SQL Server 11.0 allows remote attackers to execute arbitrary code via a long string sent to port (1) 6070 or (2) 6050.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16403

This exploit targets a buffer overflow vulnerability in CA BrightStor Agent for Microsoft SQL Server. It sends a maliciously crafted buffer to trigger the overflow and execute arbitrary code via a return address overwrite and jump to shellcode.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: CA BrightStor Agent for Microsoft SQL Server (ARCServe 11.0, 11.1, 11.1 SP1)
No auth needed
Prerequisites: Network access to the target on port 6070 · Target software must be running
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by cybertronic · cremotewindows
https://www.exploit-db.com/exploits/1130

This exploit targets a buffer overflow vulnerability in CA BrightStor ARCserve Backup Agent for SQL (dbasqlr.exe) on port 6070. It includes both bind and reverse shell payloads, leveraging a hardcoded return address (0x20c0c1ab) to achieve remote code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: CA BrightStor ARCserve Backup Agent for SQL (dbasqlr.exe)
No auth needed
Prerequisites: Network access to port 6070 on the target · Vulnerable version of CA BrightStor ARCserve Backup Agent for SQL
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC NORMAL
by hdm · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/brightstor/sql_agent.rb

This Metasploit module exploits a buffer overflow vulnerability in CA BrightStor Agent for Microsoft SQL Server (CVE-2005-1272). It sends a maliciously crafted buffer to trigger a stack-based overflow, leveraging a 'jmp esp' or similar instruction to redirect execution to the payload.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: CA BrightStor Agent for Microsoft SQL Server (ARCServe 11.0, 11.1, 11.1 SP1)
No auth needed
Prerequisites: Network access to the target on port 6070 · Target software must be running and vulnerable
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Patch, Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/279774
Exploit, Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/14453
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/21656

Scores

EPSS 0.6612
EPSS Percentile 99.2%

Details

Status published
Products (12)
broadcom/brightstor_enterprise_backup 10.0
broadcom/brightstor_enterprise_backup 10.5
ca/brightstor_arcserve_backup 9.0.1
ca/brightstor_arcserve_backup 9.0_1
ca/brightstor_arcserve_backup 11.0 (2 CPE variants)
ca/brightstor_arcserve_backup 11.1 (2 CPE variants)
ca/brightstor_arcserve_backup_agent 9.0.1 (3 CPE variants)
ca/brightstor_arcserve_backup_agent 11
ca/brightstor_arcserve_backup_agent 11.0 (2 CPE variants)
ca/brightstor_arcserve_backup_agent 11.1 (3 CPE variants)
... and 2 more
Published Aug 05, 2005
Tracked Since Feb 18, 2026