Computer Associates International (CA) has released software patches that fix a critical vulnerability in the company's BrightStor ARCserve Backup and Enterprise Backup agents.
The vulnerability, which was first discovered by security research firm iDefense, could allow attackers to take control of a system running the software. It could also be used as the basis of a denial of service attack, according to an advisory published Tuesday by CA.
The bug affects versions 9.01, 11 and 11.1 of ARCserve Backup for the Windows operating system, and versions 10.0 and 10.5 of Enterprise Backup for Windows.
Proof of concept exploits for the vulnerability have been published on the French Security Incident Response Team's Web site, which rates it as "critical."
CA recommends that users of its backup software install patches, which can be found here.