The Veritas Backup Exec Remote Agent for Windows contains a buffer overflow that can allow an attacker to take over a system, according to US-CERT.
The agent is installed on systems that are slated for backup and listens on TCP port 10000 for messages indicating that a backup should take place, but the software fails to properly validate incoming packets. A specially crafted message can then trigger a buffer overflow.
Exploit code for the flaw is publicly available and US-CERT said it has received legitimate reports that the vulnerability is being actively exploited. Also, it has seen increasing scanning activity on port 10000/tcp, indicating that attackers are trying to find systems running the flawed software.
US-CERT advised installing the patches Veritas has issued for the vulnerable software, and using firewalls to limit connectivity so that only backup servers can connect to the systems being backed up.
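One way to check that the firewall restriction is holding and to spot the port 10000 sweeps mentioned above. This is an added example, not code from US-CERT or Veritas. The log layout, the addresses and the `audit_agent_port` helper are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

AGENT_PORT = 10000  # TCP port the remote agent listens on, per the article

# Assumed firewall log layout (constructed for this example):
#   <timestamp> <ALLOW|DENY> TCP <src_ip>:<src_port> -> <dst_ip>:<dst_port>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) TCP "
    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Constructed sample data: 10.0.5.20 plays the backup server,
# 10.0.8.x are hosts running the remote agent.
SAMPLE_LOG = """\
2024-01-10T02:00:01Z ALLOW TCP 10.0.5.20:51512 -> 10.0.8.14:10000
2024-01-10T02:00:04Z ALLOW TCP 10.0.5.20:51513 -> 10.0.8.15:10000
2024-01-10T03:11:40Z ALLOW TCP 10.0.9.77:40022 -> 10.0.8.14:10000
2024-01-10T03:12:01Z DENY TCP 198.51.100.23:33001 -> 10.0.8.14:10000
2024-01-10T03:12:01Z DENY TCP 198.51.100.23:33002 -> 10.0.8.15:10000
2024-01-10T03:12:02Z DENY TCP 198.51.100.23:33003 -> 10.0.8.16:10000
2024-01-10T03:15:00Z ALLOW TCP 10.0.9.77:40100 -> 10.0.8.14:443
""".splitlines()


def audit_agent_port(lines, backup_servers, scan_threshold=3):
    """Return (violations, scanners) for traffic aimed at AGENT_PORT."""
    allowed = {ipaddress.ip_address(s) for s in backup_servers}
    violations = []             # non-backup sources the firewall let through
    targets = defaultdict(set)  # source -> distinct agent hosts it tried
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or int(m["dport"]) != AGENT_PORT:
            continue
        src = ipaddress.ip_address(m["src"])
        if src in allowed:
            continue            # expected backup-server traffic
        targets[src].add(m["dst"])
        if m["action"] == "ALLOW":
            violations.append((m["ts"], str(src), m["dst"]))
    scanners = sorted(str(s) for s, d in targets.items()
                      if len(d) >= scan_threshold)
    return violations, scanners


if __name__ == "__main__":
    bad, scanners = audit_agent_port(SAMPLE_LOG, backup_servers=["10.0.5.20"])
    print("allowed from non-backup hosts:", bad)
    print("sources sweeping port 10000:", scanners)
```

Any entry in the first list means the firewall rule is not limiting port 10000 to backup servers; the second list shows sources probing several agent hosts, whether or not they were blocked.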