CA XOsoft is storage and recovery management software that includes applications for combined business continuity and disaster recovery. The CA XOsoft product family includes CA XOsoft Replication, CA XOsoft High Availability, and CA XOsoft Content Distribution.
Control Service r12 and Control Service r12.5 included in the CA XOsoft Replication, High Availability, and Content Distribution products with versions r12 and r12.5 are vulnerable to a stack buffer overflow as a result of overly long data passed to
/entry_point.aspx. A successful attacker could execute arbitrary code with the permissions of the CA Control Service process.
Apply the patches referenced in CA Security Notice for CA XOsoft CA20100406-01.
Exploit works on CA XOsoft Control Service r12.5.