Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 9.3
CVE Id CVE-2008-1472
Last Modified 01 Aug 2011 12:00:00
Published 24 Mar 2008 06:44:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-1472

Summary

Stack-based buffer overflow in the ListCtrl ActiveX Control (ListCtrl.ocx), as used in multiple CA products including BrightStor ARCserve Backup R11.5, Desktop Management Suite r11.1 through r11.2, and Unicenter products r11.1 through r11.2, allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long argument to the AddColumn method.

Vulnerable Systems

Application

  • Computer Associates Brightstor Arcserve Backup Laptops Desktops 11.5

  • Computer Associates Desktop Management Suite R11.1

  • Computer Associates Desktop Management Suite R11.2

  • Computer Associates Unicenter Dsm R11 List Control Atx 11.2.3.1895

  • Unicenter Asset Management R11.1

  • Unicenter Asset Management R11.2

  • Unicenter Desktop Management Bundle R11.1

  • Unicenter Desktop Management Bundle R11.2

  • Unicenter Remote Control R11.1

  • Unicenter Remote Control R11.2

  • Unicenter Software Delivery R11.1

  • Unicenter Software Delivery R11.2


References

XF - ca-arcserve-listctrl-bo(41225)

VUPEN - ADV-2008-0902

SECTRACK - 1019617

BID - 28268

BUGTRAQ - 20080328 CA Multiple Products DSM ListCtrl ActiveX Control Buffer Overflow Vulnerability

BUGTRAQ - 20080320 Note about recently publicized CA BrightStor ActiveX exploit code

MILW0RM - 5264

SECUNIA - 29408

CONFIRM - http://community.ca.com/blogs/casecurityresponseblog/archive/2008/3/28.aspx


Last Updated: 27 May 2016 10:47:08