
CA BrightStor ARCserve Backup Vulnerability

US-CERT has seen reports of a vulnerability in CA BrightStor ARCserve Backup. This vulnerability is due to a boundary error within the "AddColumn()" method in the "ListCtrl" ActiveX control. Exploitation of this vulnerability may allow a remote attacker to cause a stack-based buffer overflow and execute arbitrary code.

US-CERT encourages users to do the following to help mitigate the risk:

  • Set a kill bit for the CLSID {BF6EFFF3-4558-4C4C-ADAF-A87891C5F3A3}.
  • Disable ActiveX as described in the Securing Your Web Browser document.

US-CERT will provide more information as it becomes available.
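
The kill-bit mitigation above, as an added example that is not part of the original advisory: it sets and then verifies the kill bit for the listed CLSID. The registry location and the 0x400 "Compatibility Flags" value are Microsoft's documented kill-bit mechanism, not details given in the advisory; run it from an elevated PowerShell prompt.

```powershell
# Added example: set and verify the ActiveX kill bit for the advisory's CLSID.
$Clsid   = '{BF6EFFF3-4558-4C4C-ADAF-A87891C5F3A3}'   # CLSID from the advisory
$KillBit = 0x00000400                                  # kill-bit flag in "Compatibility Flags"
$Name    = 'Compatibility Flags'

# Native registry view, plus the 32-bit view on 64-bit Windows
# (32-bit Internet Explorer reads its settings from Wow6432Node).
$Roots = @('HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility')
if (Test-Path 'HKLM:\SOFTWARE\Wow6432Node') {
    $Roots += 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
}

foreach ($Root in $Roots) {
    $Key = Join-Path $Root $Clsid

    # Create the per-CLSID key if it does not exist yet.
    if (-not (Test-Path -LiteralPath $Key)) {
        New-Item -Path $Key -Force | Out-Null
    }

    # Keep any compatibility flags already present and OR in the kill bit,
    # rather than overwriting the whole value.
    $Existing = (Get-ItemProperty -LiteralPath $Key -Name $Name -ErrorAction SilentlyContinue).$Name
    $Current  = if ($null -eq $Existing) { 0 } else { [int]$Existing }
    Set-ItemProperty -LiteralPath $Key -Name $Name -Value ($Current -bor $KillBit) -Type DWord

    # Read the value back and confirm the kill bit is actually set.
    $Check = [int](Get-ItemProperty -LiteralPath $Key -Name $Name).$Name
    $IsSet = ($Check -band $KillBit) -ne 0
    '{0}: {1} = 0x{2:X8} (kill bit set: {3})' -f $Key, $Name, $Check, $IsSet
}
```

Internet Explorer must be restarted before the change takes effect; the same value can be pushed fleet-wide through Group Policy registry preferences.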