CA BrightStor ARCserve Backup Buffer Overflow

  Severity: HIGH
  CVE Identifier: CVE-2007-0169
  Advisory Date: JUL 21, 2015

  DESCRIPTION

Multiple buffer overflows in Computer Associates (CA) BrightStor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Server/Business Protection Suite r2 allow remote attackers to execute arbitrary code via RPC requests with crafted data for opnums (1) 0x2F and (2) 0x75 in the (a) Message Engine RPC service, or opnum (3) 0xCF in the Tape Engine service.

  TREND MICRO PROTECTION INFORMATION

Apply associated Trend Micro DPI Rules.

  SOLUTION

  Trend Micro Deep Security DPI Rule Number: 1000927
  Trend Micro Deep Security DPI Rule Name: 1000927 - CA BrightStor ARCserve Backup Message Engine Buffer Overflow

  AFFECTED SOFTWARE AND VERSION

  • Computer Associates BrightStor ARCserve Backup 11.5
  • Computer Associates BrightStor ARCserve Backup 9.01
  • Computer Associates Enterprise Backup 10.5
  • Computer Associates Server/Business Protection Suite R2