BrightStor ARCserve Backup for Laptops and Desktops is an automated backup solution optimized for low-bandwidth, intermittent network connections.
A directory traversal vulnerability in
**rxRPC.dll** in the
**rxrReceiveFileFromServer** function allows remote attackers to overwrite arbitrary files, leading to command execution.
Apply the appropriate update referenced in the Security Notice.
Exploit overwrites the file
**licreg.dll**, which will affect any functions which use this DLL. The DLL would need to be restored, possibly by re-installing the software, in order to restore functionality. For this reason, this exploit does not run during automated penetration tests.
Exploit works on ARCserve Backup for Laptops and Desktops 11.1.
Exploit requires the String-CRC32 PERL module, which is available from www.cpan.org.