PT-2008-3324 · Ca · Ca Unicenter+3

Published: 2008-04-16 · Updated: 2018-10-11 · CVE-2008-1786

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

CA BrightStor ARCServe Backup for Laptops and Desktops version r11.5
CA Desktop Management Suite versions r11.1 through r11.2 C2
CA Unicenter versions r11.1 through r11.2 C2
CA Desktop and Server Management versions r11.1 through r11.2 C2

Description

The issue allows remote attackers to execute arbitrary code via crafted function arguments in the DSM gui cm ctrls ActiveX control.

Recommendations

For CA BrightStor ARCServe Backup for Laptops and Desktops version r11.5, update to a version that does not use the vulnerable gui cm ctrls ActiveX control.
For CA Desktop Management Suite versions r11.1 through r11.2 C2, update to a version that does not use the vulnerable gui cm ctrls ActiveX control.
For CA Unicenter versions r11.1 through r11.2 C2, update to a version that does not use the vulnerable gui cm ctrls ActiveX control.
For CA Desktop and Server Management versions r11.1 through r11.2 C2, update to a version that does not use the vulnerable gui cm ctrls ActiveX control.
As a temporary workaround, consider disabling the gui cm ctrls ActiveX control until a patch is available.

Fix

Code Injection

Weakness Enumeration

Related identifiers

CVE-2008-1786

Affected products

Ca Brightstor Arcserve Backup For Laptops/Desktops
Ca Desktop Management Suite
Ca Desktop/Server Management
Ca Unicenter