{"api_version":"1","generated_at":"2026-04-23T04:08:57+00:00","cve":"CVE-2007-3825","urls":{"html":"https://cve.report/CVE-2007-3825","api":"https://cve.report/api/cve/CVE-2007-3825.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2007-3825","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2007-3825"},"summary":{"title":"CVE-2007-3825","description":"Multiple stack-based buffer overflows in the RPC implementation in alert.exe before 8.0.255.0 in CA (formerly Computer Associates) Alert Notification Server, as used in Threat Manager for the Enterprise, Protection Suites, certain BrightStor ARCserve products, and BrightStor Enterprise Backup, allow remote attackers to execute arbitrary code by sending certain data to unspecified RPC procedures.","state":"PUBLISHED","assigner":"mitre","published_at":"2007-07-18 23:30:00","updated_at":"2026-04-23 00:35:47"},"problem_types":["NVD-CWE-Other","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"9.3","severity":"","vector":"AV:N/AC:M/Au:N/C:C/I:C/A:C","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"}}],"references":[{"url":"http://www.securitytracker.com/id?1018403","name":"http://www.securitytracker.com/id?1018403","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"CA Server Protection Suite Stack Overflows in Alert Notification Service Let Remote Users Execute Arbitrary Code - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id?1018406","name":"http://www.securitytracker.com/id?1018406","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"BrightStor ARCserve Stack Overflows in Alert Notification Service Let Remote Users Execute Arbitrary Code - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-secnotice.asp","name":"http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-secnotice.asp","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://www.securitytracker.com/id?1018402","name":"http://www.securitytracker.com/id?1018402","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"CA Threat Manager Stack Overflows in Alert Notification Service Let Remote Users Execute Arbitrary Code - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/24947","name":"http://www.securityfocus.com/bid/24947","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Computer Associates Alert Notification Server Multiple Buffer Overflow Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.securitytracker.com/id?1018405","name":"http://www.securitytracker.com/id?1018405","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"BrightStor Enterprise Backup Stack Overflows in Alert Notification Service Let Remote Users Execute Arbitrary Code - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2007/2559","name":"http://www.vupen.com/english/advisories/2007/2559","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=561","name":"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=561","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://www.securitytracker.com/id?1018404","name":"http://www.securitytracker.com/id?1018404","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"CA Business Protection Suite Stack Overflows in Alert Notification Service Let Remote Users Execute Arbitrary Code - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/26088","name":"http://secunia.com/advisories/26088","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"CA Products Alert Notification Server Multiple Buffer Overflows - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/35467","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/35467","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2007-3825","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2007-3825","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2007","cve_id":"3825","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"broadcom","cpe5":"alert_notification_server","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"3825","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"broadcom","cpe5":"brightstor_arcserve_backup","cpe6":"11.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"3825","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"broadcom","cpe5":"brightstor_arcserve_backup","cpe6":"11.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"3825","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"broadcom","cpe5":"brightstor_arcserve_backup","cpe6":"9.01","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"3825","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"broadcom","cpe5":"brightstor_enterprise_backup","cpe6":"10.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"3825","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ca","cpe5":"anti-virus_for_the_enterprise","cpe6":"8","cpe7":"*","cpe8":"enterprise","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"3825","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ca","cpe5":"brightstor_arcserve_backup","cpe6":"11","cpe7":"*","cpe8":"windows","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"3825","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ca","cpe5":"brightstor_arcserve_client","cpe6":"*","cpe7":"*","cpe8":"windows","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"3825","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ca","cpe5":"protection_suites","cpe6":"r3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"3825","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ca","cpe5":"threat_manager","cpe6":"8","cpe7":"*","cpe8":"enterprise","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T14:28:52.471Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"26088","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/26088"},{"name":"1018405","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id?1018405"},{"name":"1018402","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id?1018402"},{"name":"1018404","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id?1018404"},{"name":"24947","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/24947"},{"name":"20070717 Computer Associates Alert Notification Server Multiple Buffer Overflow Vulnerabilities","tags":["third-party-advisory","x_refsource_IDEFENSE","x_transferred"],"url":"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=561"},{"name":"1018406","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id?1018406"},{"name":"1018403","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id?1018403"},{"name":"ca-alertnotification-bo(35467)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/35467"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-secnotice.asp"},{"name":"ADV-2007-2559","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2007/2559"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2007-07-17T00:00:00.000Z","descriptions":[{"lang":"en","value":"Multiple stack-based buffer overflows in the RPC implementation in alert.exe before 8.0.255.0 in CA (formerly Computer Associates) Alert Notification Server, as used in Threat Manager for the Enterprise, Protection Suites, certain BrightStor ARCserve products, and BrightStor Enterprise Backup, allow remote attackers to execute arbitrary code by sending certain data to unspecified RPC procedures."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-07-28T12:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"26088","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/26088"},{"name":"1018405","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id?1018405"},{"name":"1018402","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id?1018402"},{"name":"1018404","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id?1018404"},{"name":"24947","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/24947"},{"name":"20070717 Computer Associates Alert Notification Server Multiple Buffer Overflow Vulnerabilities","tags":["third-party-advisory","x_refsource_IDEFENSE"],"url":"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=561"},{"name":"1018406","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id?1018406"},{"name":"1018403","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id?1018403"},{"name":"ca-alertnotification-bo(35467)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/35467"},{"tags":["x_refsource_CONFIRM"],"url":"http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-secnotice.asp"},{"name":"ADV-2007-2559","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2007/2559"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2007-3825","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Multiple stack-based buffer overflows in the RPC implementation in alert.exe before 8.0.255.0 in CA (formerly Computer Associates) Alert Notification Server, as used in Threat Manager for the Enterprise, Protection Suites, certain BrightStor ARCserve products, and BrightStor Enterprise Backup, allow remote attackers to execute arbitrary code by sending certain data to unspecified RPC procedures."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"26088","refsource":"SECUNIA","url":"http://secunia.com/advisories/26088"},{"name":"1018405","refsource":"SECTRACK","url":"http://www.securitytracker.com/id?1018405"},{"name":"1018402","refsource":"SECTRACK","url":"http://www.securitytracker.com/id?1018402"},{"name":"1018404","refsource":"SECTRACK","url":"http://www.securitytracker.com/id?1018404"},{"name":"24947","refsource":"BID","url":"http://www.securityfocus.com/bid/24947"},{"name":"20070717 Computer Associates Alert Notification Server Multiple Buffer Overflow Vulnerabilities","refsource":"IDEFENSE","url":"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=561"},{"name":"1018406","refsource":"SECTRACK","url":"http://www.securitytracker.com/id?1018406"},{"name":"1018403","refsource":"SECTRACK","url":"http://www.securitytracker.com/id?1018403"},{"name":"ca-alertnotification-bo(35467)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/35467"},{"name":"http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-secnotice.asp","refsource":"CONFIRM","url":"http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-secnotice.asp"},{"name":"ADV-2007-2559","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2007/2559"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2007-3825","datePublished":"2007-07-18T23:00:00.000Z","dateReserved":"2007-07-17T00:00:00.000Z","dateUpdated":"2024-08-07T14:28:52.471Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2007-07-18 23:30:00","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["NVD-CWE-Other","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":true,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:alert_notification_server:*:*:*:*:*:*:*:*","matchCriteriaId":"C9064AD0-B246-4061-8200-D0999A62987D"},{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:brightstor_arcserve_backup:9.01:*:*:*:*:*:*:*","matchCriteriaId":"F52790F8-0D23-47F4-B7F7-6CB0F7B6EA14"},{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.1:*:*:*:*:*:*:*","matchCriteriaId":"E37161BE-6AF5-40E0-BD63-2C17431D8B36"},{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.5:*:*:*:*:*:*:*","matchCriteriaId":"477EE032-D183-478F-A2BF-6165277A7414"},{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:brightstor_enterprise_backup:10.5:*:*:*:*:*:*:*","matchCriteriaId":"78AA54EA-DAF1-4635-AA1B-E2E49C4BB597"},{"vulnerable":true,"criteria":"cpe:2.3:a:ca:anti-virus_for_the_enterprise:8:*:enterprise:*:*:*:*:*","matchCriteriaId":"0662407D-B0D7-4C4A-9F11-D438ED0A186D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ca:brightstor_arcserve_backup:11:*:windows:*:*:*:*:*","matchCriteriaId":"6E236148-4A57-4FDC-A072-A77D3DD2DB53"},{"vulnerable":true,"criteria":"cpe:2.3:a:ca:brightstor_arcserve_client:*:*:windows:*:*:*:*:*","matchCriteriaId":"BF07EC08-D4C8-415B-86DB-E73E97EEFCB2"},{"vulnerable":true,"criteria":"cpe:2.3:a:ca:protection_suites:r3:*:*:*:*:*:*:*","matchCriteriaId":"253A8082-9AE4-4049-A1D0-B7ACB5C2E8D3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ca:threat_manager:8:*:enterprise:*:*:*:*:*","matchCriteriaId":"45FA6D91-063C-41FC-B2C4-07B9E043FAFF"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2007","CveId":"3825","Ordinal":"1","Title":"CVE-2007-3825","CVE":"CVE-2007-3825","Year":"2007"},"notes":[{"CveYear":"2007","CveId":"3825","Ordinal":"1","NoteData":"Multiple stack-based buffer overflows in the RPC implementation in alert.exe before 8.0.255.0 in CA (formerly Computer Associates) Alert Notification Server, as used in Threat Manager for the Enterprise, Protection Suites, certain BrightStor ARCserve products, and BrightStor Enterprise Backup, allow remote attackers to execute arbitrary code by sending certain data to unspecified RPC procedures.","Type":"Description","Title":"CVE-2007-3825"},{"CveYear":"2007","CveId":"3825","Ordinal":"2","NoteData":"2007-07-18","Type":"Other","Title":"Published"},{"CveYear":"2007","CveId":"3825","Ordinal":"3","NoteData":"2017-07-28","Type":"Other","Title":"Modified"}]}}}