PT-2008-3039 · Ca · Ca Unicenter+2
H07
+1
·
Published
2008-03-24
·
Updated
2018-10-11
·
CVE-2008-1472
CVSS v2.0
9.3
High
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
CA BrightStor ARCserve Backup version R11.5
CA Desktop Management Suite versions r11.1 through r11.2
CA Unicenter products versions r11.1 through r11.2
Description
A stack-based buffer overflow issue exists in the ListCtrl ActiveX Control, which is used in multiple CA products. This issue can be exploited by remote attackers to execute arbitrary code or cause a denial of service via a long argument to the
AddColumn method.Recommendations
For CA BrightStor ARCserve Backup version R11.5, update to a version that includes a fix for this issue.
For CA Desktop Management Suite versions r11.1 through r11.2, update to a version that includes a fix for this issue.
For CA Unicenter products versions r11.1 through r11.2, update to a version that includes a fix for this issue.
As a temporary workaround, consider restricting access to the
AddColumn method in the ListCtrl ActiveX Control until a patch is available.Exploit
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ca Brightstor Arcserve Backup
Ca Desktop Management Suite
Ca Unicenter