CVE-2007-0449

CA BrightStor ARCserve Backup r11.0-r11.1 SP1 - Remote Code Execution via Crafted Packets

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 5 public exploits for CVE-2007-0449. PoCs published by Metasploit, Winny Thomas, Jacopo Cervini, including Metasploit module exploits/windows/brightstor/lgserver.

AI-analyzed exploit summary This exploit targets a stack buffer overflow in CA BrightStor ARCserve Backup for Laptops & Desktops 11.1 via a crafted TCP request to port 1900. It leverages SEH overwrites to achieve remote code execution on Windows 2000 Pro.

Description

Multiple buffer overflows in LGSERVER.EXE in CA BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.1 SP1, Mobile Backup r4.0, Desktop and Business Protection Suite r2, and Desktop Management Suite (DMS) r11.0 and r11.1 allow remote attackers to execute arbitrary code via crafted packets to TCP port (1) 1900 or (2) 2200.

Exploits (5)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16400

This exploit targets a stack buffer overflow in CA BrightStor ARCserve Backup for Laptops & Desktops 11.1 via a crafted TCP request to port 1900. It leverages SEH overwrites to achieve remote code execution on Windows 2000 Pro.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: CA BrightStor ARCserve Backup for Laptops & Desktops 11.1
No auth needed
Prerequisites: Network access to TCP port 1900 · Target running vulnerable version of CA BrightStor ARCserve
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Winny Thomas · pythonremotewindows
https://www.exploit-db.com/exploits/3244

This exploit targets a stack overflow vulnerability in CA BrightStor Arcserve (CVE-2007-0449) by sending a maliciously crafted payload to port 1900, triggering a buffer overflow and executing a port-binding shellcode on TCP port 4444.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: CA BrightStor Arcserve
No auth needed
Prerequisites: Network access to target's port 1900 · Vulnerable version of CA BrightStor Arcserve
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Jacopo Cervini · perlremotewindows
https://www.exploit-db.com/exploits/3218

This exploit targets a buffer overflow vulnerability in BrightStore ARCServer 11.5.4, sending maliciously crafted requests to achieve remote code execution via shellcode injection. It includes multiple return addresses for different Windows versions.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: BrightStore ARCServer 11.5.4
No auth needed
Prerequisites: Network access to target · Target running vulnerable BrightStore ARCServer version
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Winny Thomas · pythonremotewindows
https://www.exploit-db.com/exploits/3211

This exploit targets a heap overflow in CA BrightStor's msgeng.exe service (CVE-2007-0449) by sending a maliciously crafted DCERPC request to overwrite the UnhandledExceptionFilter and execute shellcode. It opens a reverse shell on TCP port 4444 and was tested on Windows 2000 SP0.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: CA BrightStor msgeng.exe service
No auth needed
Prerequisites: Network access to target on port 6503 · Vulnerable version of CA BrightStor
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC NORMAL
by MC · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/brightstor/lgserver.rb

This Metasploit module exploits a stack buffer overflow in CA BrightStor ARCserve Backup for Laptops & Desktops 11.1 via a crafted TCP request to port 1900. It leverages SEH overwrites to achieve remote code execution on Windows 2000 Pro.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: CA BrightStor ARCserve Backup for Laptops & Desktops 11.1
No auth needed
Prerequisites: Network access to TCP port 1900 · Target running vulnerable version of CA BrightStor ARCserve
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (16)

Core 16
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/22340
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/31593
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/611276
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/458648/100/0/threaded
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/23897
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/458644/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/31704
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/457945/30/8460/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/22199
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/22342
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/0314
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/357308
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1017548

Scores

EPSS 0.7924
EPSS Percentile 99.6%

Details

CWE
CWE-119
Status published
Products (7)
broadcom/brightstor_arcserve_backup_laptops_desktops 11.0
broadcom/brightstor_arcserve_backup_laptops_desktops 11.1 (2 CPE variants)
broadcom/brightstor_mobile_backup r4.0
broadcom/business_protection_suite 2.0
broadcom/desktop_management_suite 11.0
broadcom/desktop_management_suite 11.1
broadcom/desktop_protection_suite 2.0
Published Jan 23, 2007
Tracked Since Feb 18, 2026