PT-2007-1652 · Ca · Ca Enterprise Backup+2
Published: 2007-01-11 · Updated: 2021-04-07
CVE-2007-0168
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
CA BrightStor ARCserve Backup versions 9.01 through 11.5
CA Enterprise Backup version 10.5
CA Server/Business Protection Suite version r2
Description
The issue allows remote attackers to execute arbitrary code by sending certain data to opnum 0xBF in an RPC request; the service directly executes that data. The issue is related to the Tape Engine service.
Recommendations
For CA BrightStor ARCserve Backup versions 9.01 through 11.5, consider disabling the Tape Engine service until a patch is available.
For CA Enterprise Backup version 10.5, restrict access to the Tape Engine service to minimize the risk of exploitation.
For CA Server/Business Protection Suite version r2, avoid using the opnum 0xBF in RPC requests until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Affected Products
CA BrightStor ARCserve Backup
CA Enterprise Backup
CA Server/Business Protection Suite