Exploit in wild for CA storage software flaw

Hackers have released exploit code for a vulnerability in CA storage software, US-CERT (the U.S. Computer Emergency Readiness Team) has warned.

The flaw affects CA’s BrightStor ARCserve Backup application and is caused by an unspecified error in the way the "mediasvr.exe" process handles remote procedure call (RPC) requests, according to the advisory on the US-CERT website.

An attacker could exploit the vulnerability in order to gain control of a PC, according to the advisory. A malicious user could remotely execute code and, if the exploit fails, launch a DoS attack, according to the advisory.

The team advised organizations that use the software to restrict access to RPC until a patch is issued.

Looking for a new job? has the latest IT security employment offerings. Click here to visit our jobs page.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.