CVE-2005-2535

BrightStor ARCserve Backup 9.0-11.1 - Remote Code Execution via Discovery Service Buffer Overflow

Exploitation Summary

EIP tracks 3 public exploits for CVE-2005-2535. PoCs published by Metasploit, cybertronic, hdm, aushack, including Metasploit module exploits/windows/brightstor/discovery_tcp.

AI-analyzed exploit summary: This exploit targets a buffer overflow vulnerability in CA BrightStor Discovery Service via TCP port 41523. It leverages SEH overwrites to achieve remote code execution on vulnerable Windows systems.

Description

Buffer overflow in the Discovery Service in BrightStor ARCserve Backup 9.0 through 11.1 allows remote attackers to execute arbitrary commands via a large packet to TCP port 41523, a different vulnerability than CVE-2005-0260.

Exploits (3)

exploitdb · WORKING POC · VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/16408

This exploit targets a buffer overflow vulnerability in CA BrightStor Discovery Service via TCP port 41523. It leverages SEH overwrites to achieve remote code execution on vulnerable Windows systems.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: CA BrightStor Discovery Service (multiple versions)
No auth needed
Prerequisites: Network access to TCP port 41523 · Vulnerable version of CA BrightStor Discovery Service
devstral-2 · analyzed Feb 16, 2026

exploitdb · WORKING POC · VERIFIED
by cybertronic · c · dos · linux
https://www.exploit-db.com/exploits/815

This is a proof-of-concept exploit for a buffer overflow vulnerability in BrightStor ARCserve Backup. It crafts a malicious packet with specific byte patterns to trigger the overflow and potentially execute arbitrary code.

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: BrightStor ARCserve Backup
No auth needed
Prerequisites: Network access to the target system · Target service running on port 41523
devstral-2 · analyzed Feb 16, 2026

metasploit · WORKING POC · NORMAL
by hdm, aushack · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/brightstor/discovery_tcp.rb

This Metasploit module exploits a buffer overflow vulnerability in CA BrightStor Discovery Service via a malformed TCP request to port 41523, leveraging SEH overwrites for arbitrary code execution.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: CA BrightStor Discovery Service (multiple versions)
No auth needed
Prerequisites: Network access to TCP port 41523 · Vulnerable version of CA BrightStor Discovery Service
devstral-2 · analyzed Feb 16, 2026

References (9)

Core References
Broken Link mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2005-02/0123.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/19320
Patch, Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/966880
Broken Link mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2005-02/0201.html
Exploit, Patch, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/12536
Broken Link mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2005-02/0141.html
Broken Link vdb-entry x_refsource_osvdb
http://www.osvdb.org/13814
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/14293

Scores

EPSS 0.8087
EPSS Percentile 99.6%

Details

Status published
Products (10)
broadcom/arcserve_backup_2000 r16.5
broadcom/brightstor_arcserve_backup 7.0
broadcom/brightstor_arcserve_backup 9.0 (3 CPE variants)
broadcom/brightstor_arcserve_backup 9.0.1
broadcom/brightstor_arcserve_backup 11.0
broadcom/brightstor_arcserve_backup 11.1 (7 CPE variants)
broadcom/brightstor_arcserve_backup_hp 11.1
broadcom/brightstor_enterprise_backup 10
broadcom/brightstor_enterprise_backup 10.0 (4 CPE variants)
broadcom/brightstor_enterprise_backup 10.5 (6 CPE variants)
Published Aug 10, 2005
Tracked Since Feb 18, 2026