PT-2007-6109 · Ca · Ca Brightstor Arcserve Backup For Laptops/Desktops+1
Published: 2007-10-01 · Updated: 2021-04-08 · CVE-2007-5003
CVSS v2.0
10
High
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
CA BrightStor ARCserve Backup for Laptops and Desktops versions r11.0 through r11.5
Description
The issue concerns multiple stack-based buffer overflows that allow remote attackers to execute arbitrary code. This can be achieved by providing a long username or password to the rxrLogin command in rxRPC.dll, or a long username argument to the GetUserInfo function.
Recommendations
For versions r11.0 through r11.5, consider disabling the rxrLogin command in rxRPC.dll and restricting access to the GetUserInfo function until a patch is available. Avoid using long username or password values in the affected API endpoint until the issue is resolved.
Exploit
Fix
Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Ca Brightstor Arcserve Backup For Laptops/Desktops
Rxrpc.Dll