US-CERT has seen reports of a vulnerability in CA BrightStor ARCserve Backup. This vulnerability is due to a boundary error within the "AddColumn()" method in the "ListCtrl" ActiveX control. Exploitation of this vulnerability may allow a remote attacker to cause a stack-based buffer overflow and execute arbitrary code.

US-CERT encourages users to do the following to help mitigate the risk:

• Set a kill bit for the CLSID {BF6EFFF3-4558-4C4C-ADAF-A87891C5F3A3}.
• Disable ActiveX as described in the Securing Your Web Browser document.