CVE-2006-5143
CA BrightStor ARCserve Backup <r11.5 SP1 - RCE
Title source: llmDescription
Multiple buffer overflows in CA BrightStor ARCserve Backup r11.5 SP1 and earlier, r11.1, and 9.01; BrightStor ARCserve Backup for Windows r11; BrightStor Enterprise Backup 10.5; Server Protection Suite r2; and Business Protection Suite r2 allow remote attackers to execute arbitrary code via crafted data on TCP port 6071 to the Backup Agent RPC Server (DBASVR.exe) using the RPC routines with opcode (1) 0x01, (2) 0x02, or (3) 0x18; invalid stub data on TCP port 6503 to the RPC routines with opcode (4) 0x2b or (5) 0x2d in ASCORE.dll in the Message Engine RPC Server (msgeng.exe); (6) a long hostname on TCP port 41523 to ASBRDCST.DLL in the Discovery Service (casdscsvc.exe); or unspecified vectors related to the (7) Job Engine Service.
Exploits (5)
exploitdb
WORKING POC
VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16401
exploitdb
WORKING POC
VERIFIED
by Winny Thomas · pythonremotewindows
https://www.exploit-db.com/exploits/3495
exploitdb
WORKING POC
VERIFIED
by LSsec.com · pythonremotewindows
https://www.exploit-db.com/exploits/28766
exploitdb
WORKING POC
VERIFIED
by LSsec.com · cremotewindows
https://www.exploit-db.com/exploits/28765
metasploit
WORKING POC
NORMAL
by MC · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/brightstor/message_engine_heap.rb
References (27)
... and 7 more
Scores
EPSS
0.8463
EPSS Percentile
99.3%
Details
CWE
CWE-119
Status
published
Products (7)
broadcom/brightstor_arcserve_backup
9.01
broadcom/brightstor_arcserve_backup
11.1
broadcom/brightstor_arcserve_backup
< 11.5
broadcom/brightstor_enterprise_backup
10.5
broadcom/business_protection_suite
2.0
broadcom/server_protection_suite
2
ca/brightstor_arcserve_backup
11
Published
Oct 10, 2006
Tracked Since
Feb 18, 2026