ZDI-07-002: CA BrightStor ARCserve Backup Tape Engine Code Execution Vulnerability

ZDI-07-002: CA BrightStor ARCserve Backup Tape Engine Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-07-002.html January 11, 2007 -- CVE ID: CVE-2007-0168 -- Affected Vendor: Computer Associates -- Affected Products: BrightStor ARCserve Backup r11.5 BrightStor ARCser...

CVE-2007-0168

CVE-2007-0168 affects the Tape Engine RPC service in CA BrightStor ARCserve Backup (versions 9.01–11.5, Enterprise Backup 10.5, CA Server/Business Protection Suite r2). The flaw arises from the RPC handler for opnum 0xBF, which directly executes user-supplied data, enabling remote attackers to ex...