BrightStor ARCserve Backup for Laptops and Desktops is an automated backup solution optimized for low-bandwidth, intermittent network connections.
An integer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted authentication password to the LGServer service.
Apply the appropriate update referenced in the CA Security Notice.
Exploit works on CA ARCserve Backup for Laptops and Desktops 11.1 SP2.
This exploit does not work on Windows Server 2003 with DEP enabled.
Windows Server 2003