JS/Exploit-ArcServe

This page shows details and results of our analysis on the malware JS/Exploit-ArcServe

Download Current DAT: 6616

Threat Detail

Malware Type: Trojan

Malware Sub-type: Exploit

Discovery Date: 2008-03-19

Next Steps:

Overview
Characteristics
Symptoms
Method of Infection
Removal

Overview

JS/Exploit-ArcServe is a generic detection for CA BrightStor ARCserve Backup ListCtrl ActiveX Control buffer overflow vulnerability.

Minimum DAT

5255 (2008-03-19)

Updated DAT

5255 (2008-03-19)

Minimum Engine

5.1.00

File Length

varies

Description Added

2008-03-19

Description Modified

2008-03-27

Malware Proliferation

Characteristics

JS/Exploit-ArcServe is a generic detection for CA BrightStor ARCserve Backup ListCtrl ActiveX Control buffer overflow vulnerability.

The buffer overflow occurs while supplying a long string as a parameter to the AddColumn function. This vulnerability could be exploited by a malicious user to cause remote code execution.

Symptoms

This detection is sufficiently generic, such that it can cover a number of threats that contain the exploit code. Therefore, it is not possible to describe specific symptoms or details about system changes that can occur from this threat. However, simply seeing this detection does not mean that any exploit code was run at all as such exploit code could only run on a vulnerable system.

Additionally some exploits simply cause Internet Explorer to crash and nothing more.

Method of Infection

This threat could be delivered via an email message, IM or an infectious web page.

Removal

A combination of the latest DATs and the Engine will be able to detect and remove this threat. AVERT recommends users not to trust seemingly familiar or safe file icons, particularly when received via P2P clients, IRC, email or other media where users can share files.