CVE-2008-1472

Name of the Vulnerable Software and Affected Versions CA BrightStor ARCserve Backup version R11.5 CA Desktop Management Suite versions r11.1 through r11.2 CA Unicenter products versions r11.1 through r11.2

Description A stack-based buffer overflow issue exists in the ListCtrl ActiveX Control, which is used in multiple CA products. This issue can be exploited by remote attackers to execute arbitrary code or cause a denial of service via a long argument to the AddColumn method.

Recommendations For CA BrightStor ARCserve Backup version R11.5, update to a version that includes a fix for this issue. For CA Desktop Management Suite versions r11.1 through r11.2, update to a version that includes a fix for this issue. For CA Unicenter products versions r11.1 through r11.2, update to a version that includes a fix for this issue. As a temporary workaround, consider restricting access to the AddColumn method in the ListCtrl ActiveX Control until a patch is available.