Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1786

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2008-1786
Last Modified 11 Jul 2011 12:00:00
Published 16 Apr 2008 01:05:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-1786

Summary

The DSM gui_cm_ctrls ActiveX control (gui_cm_ctrls.ocx), as used in multiple CA products including BrightStor ARCServe Backup for Laptops and Desktops r11.5, Desktop Management Suite r11.1 through r11.2 C2; Unicenter r11.1 through r11.2 C2; and Desktop and Server Management r11.1 through r11.2 C2 allows remote attackers to execute arbitrary code via crafted function arguments.

Vulnerable Systems

Application

  • Computer Associates Arcserve Backup Laptops And Desktops R11.5

  • Computer Associates Desktop And Server Management R11.1

  • Computer Associates Desktop And Server Management R11.2

  • Computer Associates Desktop And Server Management R11.2a

  • Computer Associates Desktop And Server Management R11.2c1

  • Computer Associates Desktop And Server Management R11.2c2

  • Computer Associates Desktop Management Suite R11.2

  • Computer Associates Desktop Management Suite R11.2a

  • Computer Associates Desktop Management Suite R11.2c1

  • Computer Associates Desktop Management Suite R11.2c2

  • Computer Associates Unicenter Asset Management R11.1

  • Computer Associates Unicenter Asset Management R11.2

  • Computer Associates Unicenter Asset Management R11.2a

  • Computer Associates Unicenter Asset Management R11.2c1

  • Computer Associates Unicenter Asset Management R11.2c2

  • Computer Associates Unicenter Desktop Management Bundle R11.1

  • Computer Associates Unicenter Desktop Management Bundle R11.2

  • Computer Associates Unicenter Desktop Management Bundle R11.2a

  • Computer Associates Unicenter Desktop Management Bundle R11.2c1

  • Computer Associates Unicenter Desktop Management Bundle R11.2c2

  • Computer Associates Unicenter Remote Control R11.1

  • Computer Associates Unicenter Remote Control R11.2

  • Computer Associates Unicenter Remote Control R11.2a

  • Computer Associates Unicenter Remote Control R11.2c1

  • Computer Associates Unicenter Remote Control R11.2c2

  • Computer Associates Unicenter Software Delivery R11.1

  • Computer Associates Unicenter Software Delivery R11.2

  • Computer Associates Unicenter Software Delivery R11.2a

  • Computer Associates Unicenter Software Delivery R11.2c1

  • Computer Associates Unicenter Software Delivery R11.2c2


References

CERT-VN - VU#684883

CONFIRM - https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=174256

BID - 28809

CONFIRM - http://community.ca.com/blogs/casecurityresponseblog/archive/2008/04/16/ca-dsm-gui-cm-ctrls-activex-control-vulnerability.aspx

XF - ca-dsmguicmctrls-code-execution(41853)

VUPEN - ADV-2008-1249

SECTRACK - 1019872

BUGTRAQ - 20080416 CA DSM gui_cm_ctrls ActiveX Control Vulnerability

SECUNIA - 29837


Last Updated: 27 May 2016 10:47:39