Vulnerability CVE-2008-1472


Published: 2008-03-24   Modified: 2012-02-12

Description:
Stack-based buffer overflow in the ListCtrl ActiveX Control (ListCtrl.ocx), as used in multiple CA products including BrightStor ARCserve Backup R11.5, Desktop Management Suite r11.1 through r11.2, and Unicenter products r11.1 through r11.2, allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long argument to the AddColumn method.

Type: CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)

Vendor: Unicenter
Product: Asset management 
Version: r11.2; r11.1;
Product: Desktop management bundle 
Version: r11.2; r11.1;
Product: Remote control 
Version: r11.2; r11.1;
Product: Software delivery 
Version: r11.2; r11.1;
Vendor: Computer associates
Product: Desktop management suite 
Version: r11.2; r11.1;
Product: Brightstor arcserve backup laptops desktops 
Version: 11.5;
Product: Unicenter dsm r11 list control atx 
Version: 11.2.3.1895;

CVSS2 vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score: 9.3/10
Impact Subscore: 10/10
Exploitability Subscore: 8.6/10

Exploit range: Remote
Attack complexity: Medium
Authentication: Not required

Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

References:
http://community.ca.com/blogs/casecurityresponseblog/archive/2008/3/28.aspx
http://www.securityfocus.com/archive/1/489893/100/0/threaded
http://www.securityfocus.com/archive/1/490263/100/0/threaded
http://www.securityfocus.com/bid/28268
http://www.securitytracker.com/id?1019617
http://www.vupen.com/english/advisories/2008/0902/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41225
https://www.exploit-db.com/exploits/5264

Related CVE
CVE-2008-3174
Unspecified vulnerability in the kmxfw.sys driver in CA Host-Based Intrusion Prevention System (HIPS) r8, as used in CA Internet Security Suite and Personal Firewall, allows remote attackers to cause a denial of service via unknown vectors, related t...
CVE-2008-1786
The DSM gui_cm_ctrls ActiveX control (gui_cm_ctrls.ocx), as used in multiple CA products including BrightStor ARCServe Backup for Laptops and Desktops r11.5, Desktop Management Suite r11.1 through r11.2 C2; Unicenter r11.1 through r11.2 C2; and Deskt...
CVE-2008-1328
Buffer overflow in the LGServer service in CA ARCserve Backup for Laptops and Desktops r11.0 through r11.5, and Suite 11.1 and 11.2, allows remote attackers to execute arbitrary code via unspecified "command arguments."
CVE-2008-1329
Unspecified vulnerability in the NetBackup service in CA ARCserve Backup for Laptops and Desktops r11.0 through r11.5, and Suite 11.1 and 11.2, allows remote attackers to execute arbitrary commands, related to "insufficient verification of file uploa...

Copyright 2019, cxsecurity.com
