The flaw affects CA’s BrightStor ARCserve Backup application and is caused by an unspecified error in the way that the “mediasvr.exe” process handles remote procedure call (RPC) requests, according to the advisory on the US-Cert website.
An attacker could exploit the vulnerability in order to gain control of the computer, the posting said. They could remotely execute code and if the exploit fails launch a denial of service attack, researchers claim.
The team advised organisations that employ the software to restrict user access to RPC until a patch is issued.
Exploit code released for vulnerability in CA software
By Fiona Raisbeck on Apr 3, 2007 10:09AM