CVE-2007-2772

CA BrightStor Backup 11.5.2.0 - DoS

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2007-2772. PoCs published by Shirkdog.

AI-analyzed exploit summary This exploit triggers a denial-of-service (DoS) in CA BrightStor Backup's Mediasvr.exe by sending a malformed RPC packet with operation 126, causing a null pointer dereference in cactirpc.dll and rwxdr.dll. The PoC first queries the RPC portmapper to locate the target service port before sending the crafted packet.

Description

(1) caloggerd.exe (camt70.dll) and (2) mediasvr.exe (catirpc.dll and rwxdr.dll) in CA BrightStor Backup 11.5.2.0 SP2 allow remote attackers to cause a denial of service (NULL dereference and application crash) via a crafted RPC packet.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Shirkdog · pythondoswindows
https://www.exploit-db.com/exploits/3940

This exploit triggers a denial-of-service (DoS) in CA BrightStor Backup's Mediasvr.exe by sending a malformed RPC packet with operation 126, causing a null pointer dereference in cactirpc.dll and rwxdr.dll. The PoC first queries the RPC portmapper to locate the target service port before sending the crafted packet.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: CA BrightStor ARCserve Backup 11.5.2.0 (SP2)
No auth needed
Prerequisites: Network access to the target's RPC portmapper (port 111) and Mediasvr.exe service
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Shirkdog · pythondoswindows
https://www.exploit-db.com/exploits/3939

This exploit triggers a denial-of-service (DoS) in CA BrightStor Backup's caloggerd.exe by sending a malformed RPC packet with a null hostname, causing a null pointer dereference in camt70.dll. The PoC includes a portmapper query to locate the target service and a crafted payload to crash the service.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: CA BrightStor Backup 11.5.2.0 (SP2) with caloggerd.exe
No auth needed
Prerequisites: Network access to TCP port 111 (portmapper) and the caloggerd service port
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (12)

Core 12
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/34319
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/35328
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1018076
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/25300
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/35327
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/3939
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/34322
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/3940
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/2727
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/468784/100/0/threaded
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/1849

Scores

EPSS 0.1206
EPSS Percentile 95.6%

Details

Status published
Products (1)
ca/brightstor_arcserve_backup 11.5.2.0 sp2
Published May 21, 2007
Tracked Since Feb 18, 2026