Exploit code released for vulnerability in CA software
Hackers have released exploit code for a vulnerability in CA storage software, the US Computer Emergency Response Team (US-Cert) has warned.The flaw affects CA’s BrightStor ARCserve Backup application and is caused by an unspecified error in the way that the “mediasvr.exe” process handles remote procedure call (RPC) requests, according to the advisory on the US-Cert website.
An attacker could exploit the vulnerability in order to gain control of the computer, the posting said. They could remotely execute code and if the exploit fails launch a denial of service attack, researchers claim.
The team advised organisations that employ the software to restrict user access to RPC until a patch is issued.