Added: 11/28/2008
CVE: CVE-2007-5004
BID: 24348
OSVDB: 41352
BrightStor ARCserve Backup for Laptops and Desktops is an automated backup solution optimized for low-bandwidth, intermittent network connections.
An integer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted authentication password to the LGServer service.
Apply the appropriate update referenced in the CA Security Notice.
<http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35675>
<http://archives.neohapsis.com/archives/bugtraq/2007-09/0287.html>
Exploit works on CA ARCserve Backup for Laptops and Desktops 11.1 SP2.
This exploit does not work on Windows Server 2003 with DEP enabled.
Windows 2000
Windows Server 2003