Exploit in wild for CA storage software flaw

Hackers have released exploit code for a vulnerability in CA storage software, US-CERT (the U.S. Computer Emergency Readiness Team) has warned.

The flaw affects CA’s BrightStor ARCserve Backup application and is caused by an unspecified error in the way the "mediasvr.exe" process handles remote procedure call (RPC) requests, according to the advisory on the US-CERT website.

An attacker could exploit the vulnerability in order to gain control of a PC, according to the advisory. A malicious user could remotely execute code and, if the exploit fails, launch a DoS attack, according to the advisory.

The team advised organizations that use the software to restrict access to RPC until a patch is issued.

Looking for a new job? SCMagazine.com has the latest IT security employment offerings. Click here to visit our jobs page.

prestitial ad