CA ARCserve Backup Authentication service invalid virtual function call

Added: 11/09/2012
CVE: CVE-2012-2971
BID: 56116
OSVDB: 86416

Background

CA ARCserve Backup (formerly BrightStor ARCserve Backup) is a backup and recovery solution.

Problem

An invalid virtual function call in the authentication service allows remote attackers to execute arbitrary commands.

Resolution

Apply one of the patches described in CA20121018-01.

References

http://secunia.com/advisories/51012/

Limitations

Exploit works on CA ARCserve Backup r16 on Windows Server 2003 SP2 English (DEP AlwaysOff).

Platforms

Windows

Back to exploit index