CVE-2011-1719

Name of the Vulnerable Software and Affected Versions CA Output Management Web Viewer versions 11.0 through 11.5

Description The issue is related to multiple stack-based buffer overflows in the Web Viewer ActiveX controls. This can be exploited by remote attackers to execute arbitrary code. The exploitation can occur through a long SRC property value to the PPSViewer ActiveX control in PPSView.ocx before version 1.0.0.7, or a long Title property value to the UOMWV Helper ActiveX control in UOMWV HelperActiveX.ocx before version 11.5.0.1.

Recommendations For CA Output Management Web Viewer versions 11.0 through 11.5, update the PPSView.ocx to version 1.0.0.7 or later and update the UOMWV HelperActiveX.ocx to version 11.5.0.1 or later. As a temporary workaround, consider restricting access to the PPSViewer and UOMWV Helper ActiveX controls until the issue is resolved.