Attack Code Posted for CA BrightStor Flaw

Written By
Ryan Naraine
Mar 18, 2008

Hackers have posted proof-of-concept code that could be used to launch code execution attacks against businesses using the CA BrightStor ARCserve Backup software product.
eWEEK has confirmed that the code, posted at Milw0rm.com, exploits an unpatched ActiveX vulnerability in CA BrightStor ARCserve Backup to launch client-side attacks on laptop and desktop computers.
The attack code was successfully tested on CA BrightStor ARCserve Backup r11.5 in tandem with Internet Explorer 6 (Windows XP Service Pack 2).
According to virus trackers in Symantec’s DeepSight threat management system, there is a stack-based buffer overflow in the ListCtrl.ocx object. “An attacker may be able to corrupt structured exception handlers on the stack, thereby allowing arbitrary code to run. This issue can be triggered by passing a buffer to the ‘AddColumn()’ method,” according to DeepSight analyst Aaron Adams.

The current public exploit contains a payload that executes “calc.exe” (calculator) only, but Adams said that trivial modification of the code could allow an arbitrary payload, such as one to bind a shell to a TCP port. A more malicious payload could be included without affecting the exploit’s reliability, he said.
In the absence of a patch from CA, affected users are urged to set the kill bit on the affected CLSID (BF6EFFF3-4558-4C4C-ADAF-A87891C5F3A3) for workstations or terminal server computers that have the BrightStor ARCserve Backup software installed.
Instructions for disabling vulnerable ActiveX controls can be found in this Microsoft Knowledge Base article.
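
One way to apply the kill bit recommended above, as an added example (not code from the article, CA or Microsoft): the script sets the 0x400 kill-bit flag in the `Compatibility Flags` value under Internet Explorer's `ActiveX Compatibility` registry key for the CLSID the article names, covering both the native and the 32-bit registry views. The function name `Set-ActiveXKillBit` is hypothetical, and the script assumes an elevated PowerShell prompt.

```powershell
# Added example, not from the article: set the IE kill bit for one ActiveX CLSID.
$Clsid     = '{BF6EFFF3-4558-4C4C-ADAF-A87891C5F3A3}'  # CLSID named in the article
$KillBit   = 0x400                                      # kill-bit flag value
$ValueName = 'Compatibility Flags'

# 64-bit Windows keeps a separate registry view for 32-bit Internet Explorer.
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Set-ActiveXKillBit {   # hypothetical helper name
    param([string]$Root, [string]$Clsid)

    $key = Join-Path $Root $Clsid
    if (-not (Test-Path -LiteralPath $key)) {
        New-Item -Path $key -Force | Out-Null
    }

    # Keep any compatibility flags already set and OR in the kill bit.
    $existing = Get-ItemProperty -LiteralPath $key -Name $ValueName -ErrorAction SilentlyContinue
    $current  = if ($existing) { [int]$existing.$ValueName } else { 0 }
    New-ItemProperty -LiteralPath $key -Name $ValueName -PropertyType DWord `
        -Value ($current -bor $KillBit) -Force | Out-Null

    # Read the value back so the result reflects what is actually stored.
    $stored = [int](Get-ItemProperty -LiteralPath $key -Name $ValueName).$ValueName
    [pscustomobject]@{
        Key        = $key
        Flags      = '0x{0:X8}' -f $stored
        KillBitSet = [bool]($stored -band $KillBit)
    }
}

foreach ($root in $Roots) {
    # Skip the Wow6432Node view on 32-bit Windows, where it does not exist.
    if (Test-Path -LiteralPath (Split-Path $root -Parent)) {
        Set-ActiveXKillBit -Root $root -Clsid $Clsid
    }
}
```

Each row of output should report `KillBitSet` as `True`; a `False` value means the write did not take effect for that registry view.
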
Symantec DeepSight also recommends:

  • Browsing the Web with the least privileges possible.
  • Disabling active content where possible.
  • Configuring operating systems to run with all available security mechanisms (such as DEP) enabled to hamper an attacker’s ability to successfully leverage the vulnerability.

Serious ActiveX vulnerabilities have recently been disclosed in several widely deployed software applications, including RealNetworks’ RealPlayer media player and image uploaders used by MySpace and Facebook.
