CA BrightStor ARCserve Backup contains multiple overflow conditions that can allow a remote attacker to execute arbitrary code with local SYSTEM privileges on Windows. The BrightStor ARCserve Backup Tape Engine service, Mediasvr service, and ASCORE.dll file are affected.
277d1dc497086cde18530d9b1513f826b6a78561bd1e1048a84224d877383608
A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Computer Associates BrightStor ARCserve Backup. User interaction is not required to exploit this vulnerability. The specific flaw exists in the handling of RPC requests to the Tape Engine service which listens by default on TCP port 6502. Affected include BrightStor ARCserve Backup r11.5, BrightStor ARCserve Backup r11.1, BrightStor ARCserve Backup r11, BrightStor Enterprise Backup r10.5, and BrightStor ARCserve Backup v9.01.
6c66da6548ef7017209667ef1a4d0c6c89619ef0dfeefa68e54903486c7ef037