RETIRED: Computer Associates ARCserve D2D and ARCserve Backup Arbitrary Code Execution Vulnerability
BID:51189
Info
RETIRED: Computer Associates ARCserve D2D and ARCserve Backup Arbitrary Code Execution Vulnerability
| Bugtraq ID: | 51189 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 28 2011 12:00AM |
| Updated: | Jan 03 2012 05:50PM |
| Credit: | HITACHI |
| Vulnerable: |
Computer Associates ARCserve D2D for Windows Server Standard Edition r15 Computer Associates ARCServe D2D r15 Computer Associates ARCserve Backup for Windows D2D Option Basic Edition r15 |
| Not Vulnerable: | |
Discussion
RETIRED: Computer Associates ARCserve D2D and ARCserve Backup Arbitrary Code Execution Vulnerability
Computer Associates ARCserve D2D and ARCserve Backup are prone to a vulnerability that lets attackers execute arbitrary code.
An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted script file.
Computer Associates ARCserve D2D r15 and ARCserve Backup r15 are vulnerable; other versions may also be affected.
RETIRED: This BID is retired because it is a duplicate of BID 48897 (Computer Associates ARCserve D2D 'homepageServlet' Servlet Information Disclosure Vulnerability).
Computer Associates ARCserve D2D and ARCserve Backup are prone to a vulnerability that lets attackers execute arbitrary code.
An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted script file.
Computer Associates ARCserve D2D r15 and ARCserve Backup r15 are vulnerable; other versions may also be affected.
RETIRED: This BID is retired because it is a duplicate of BID 48897 (Computer Associates ARCserve D2D 'homepageServlet' Servlet Information Disclosure Vulnerability).
Exploit / POC
RETIRED: Computer Associates ARCserve D2D and ARCserve Backup Arbitrary Code Execution Vulnerability
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
RETIRED: Computer Associates ARCserve D2D and ARCserve Backup Arbitrary Code Execution Vulnerability
Solution:
Vendor updates are available. Please see the references for more information.
Solution:
Vendor updates are available. Please see the references for more information.
References
RETIRED: Computer Associates ARCserve D2D and ARCserve Backup Arbitrary Code Execution Vulnerability
References:
References:
- ARCserve Backup Homepage (Computer Associates)
- ARCserve D2D Homepage (Computer Associates)
- Vulnerability in CA ARCserve D2D (HITACHI)