CVE-2007-1785

CA BrightStor ARCserve Backup 11.5 SP2 build 4237 - RCE

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-1785. PoCs published by Shirkdog.

AI-analyzed exploit summary This exploit targets a design error in Computer Associates BrightStor Backup Mediasvr.exe, leveraging an RPC handling vulnerability to achieve remote code execution. It constructs two RPC packets with embedded shellcode to trigger the vulnerability under different memory conditions (pre- and post-reboot).

Description

The RPC service in mediasvr.exe in CA BrightStor ARCserve Backup 11.5 SP2 build 4237 allows remote attackers to execute arbitrary code via crafted xdr_handle_t data in RPC packets, which is used in calculating an address for a function call, as demonstrated using the 191 (0xbf) RPC request.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Shirkdog · pythonremotewindows
https://www.exploit-db.com/exploits/3604

This exploit targets a design error in Computer Associates BrightStor Backup Mediasvr.exe, leveraging an RPC handling vulnerability to achieve remote code execution. It constructs two RPC packets with embedded shellcode to trigger the vulnerability under different memory conditions (pre- and post-reboot).

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Computer Associates BrightStor Backup 11.5.2.0 (SP2)
No auth needed
Prerequisites: Network access to the target system · Mediasvr.exe service running on the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (13)

Core 13
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1017830
Various Sources x_refsource_misc
http://www.shirkdog.us/shk-004.html
Third Party Advisory mailing-list x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0467.html
Various Sources x_refsource_misc
http://www.shirkdog.us/camediasvrremote.py
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/33316
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24682
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/151305
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/23209
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/2509
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/464343/100/0/threaded
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/464270/100/0/threaded
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/1161

Scores

EPSS 0.1535
EPSS Percentile 96.4%

Details

Status published
Products (4)
broadcom/brightstor_arcserve_backup 9.01
broadcom/brightstor_arcserve_backup 11.1
broadcom/brightstor_arcserve_backup 11.5 (3 CPE variants)
ca/brightstor_arcserve_backup 11
Published Mar 31, 2007
Tracked Since Feb 18, 2026