Computer Associates (CA) has released software patches that fix a critical vulnerability in its BrightStor ARCserve Backup and Enterprise Backup agents.

The vulnerability, first discovered by iDefense, could allow attackers to take control of a system running the software. It could also be used as the basis of a denial of service attack, according to a CA advisory.

The bug affects versions 9.01, 11 and 11.1 of ARCserve Backup for the Windows operating system, and version 10.0 and 10.5 of Enterprise Backup for Windows.

Proof of concept exploits for the vulnerability have been published on the French Security Incident Response Team's Web site, which rates it as "critical."

CA recommends that users of its backup software install patches.