PT-2008-3324 · Ca · Ca Unicenter+3
Published 2008-04-16 · Updated 2018-10-11 · CVE-2008-1786
CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
CA BrightStor ARCServe Backup for Laptops and Desktops version r11.5
CA Desktop Management Suite versions r11.1 through r11.2 C2
CA Unicenter versions r11.1 through r11.2 C2
CA Desktop and Server Management versions r11.1 through r11.2 C2
Description
The issue allows remote attackers to execute arbitrary code via crafted function arguments in the DSM gui_cm_ctrls ActiveX control.
Recommendations
For CA BrightStor ARCServe Backup for Laptops and Desktops version r11.5, update to a version that does not use the vulnerable gui_cm_ctrls ActiveX control.
For CA Desktop Management Suite versions r11.1 through r11.2 C2, update to a version that does not use the vulnerable gui_cm_ctrls ActiveX control.
For CA Unicenter versions r11.1 through r11.2 C2, update to a version that does not use the vulnerable gui_cm_ctrls ActiveX control.
For CA Desktop and Server Management versions r11.1 through r11.2 C2, update to a version that does not use the vulnerable gui_cm_ctrls ActiveX control.
As a temporary workaround, consider disabling the gui_cm_ctrls ActiveX control until a patch is available.
Fix
Code Injection
Weakness Enumeration
Related Identifiers
Affected Products
Ca Brightstor Arcserve Backup For Laptops/Desktops
Ca Desktop Management Suite
Ca Desktop/Server Management
Ca Unicenter