Vulnerability CVE-2008-1472


Published: 2008-03-24   Modified: 2012-02-12

Description:
Stack-based buffer overflow in the ListCtrl ActiveX Control (ListCtrl.ocx), as used in multiple CA products including BrightStor ARCserve Backup R11.5, Desktop Management Suite r11.1 through r11.2, and Unicenter products r11.1 through r11.2, allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long argument to the AddColumn method.

Type: CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score: 9.3/10
Impact Subscore: 10/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

Affected software:
Unicenter -> Asset management
Unicenter -> Desktop management bundle
Unicenter -> Remote control
Unicenter -> Software delivery
Computer associates -> Brightstor arcserve backup laptops desktops
Computer associates -> Desktop management suite
Computer associates -> Unicenter dsm r11 list control atx

References:
http://community.ca.com/blogs/casecurityresponseblog/archive/2008/3/28.aspx
http://www.securityfocus.com/archive/1/489893/100/0/threaded
http://www.securityfocus.com/archive/1/490263/100/0/threaded
http://www.securityfocus.com/bid/28268
http://www.securitytracker.com/id?1019617
http://www.vupen.com/english/advisories/2008/0902/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41225
https://www.exploit-db.com/exploits/5264

Copyright 2024, cxsecurity.com
