 |
Name:
CA.BrightStor.ARCserve.AddColum.ActiveX.Buffer.Ove
|
Released Date:
May 23 2008
|
Severity:
critical
|
CVE:
2008-1472
|
|
|
Bugtraq:
28268
|
|
|
|
|
FortiGuard Center
> Vulnerability Encyclopedia
In-Depth Analysis
|
Description
|
This indicates a possible attempt to exploit a buffer-overflow vulnerability in CA BrightStor.
The vulnerabilities are in the "LISTCTRL.ListCtrlCtrl.1" ActiveX control in ListCtrl.ocx. It results from the application's failure to bounds-check user-supplied input, leading to a buffer overflow. As a result, a remote attacker may be able to execute arbitrary code and gain control of vulnerable systems.
|
|
|
|
Impact
|
|
System Compromise: remote code execution.
|
|
|
|
Affected Products
|
BrightStor ARCServe Backup for Laptops and Desktops r11.5
CA Desktop Management Suite r11.2 C1
CA Desktop Management Suite r11.2a
CA Desktop Management Suite r11.2
CA Desktop Management Suite r11.1 (GA, a, C1)
Unicenter Desktop Management Bundle r11.2 C1
Unicenter Desktop Management Bundle r11.2a
Unicenter Desktop Management Bundle r11.2
Unicenter Desktop Management Bundle r11.1 (GA, a, C1)
Unicenter Asset Management r11.2 C1
Unicenter Asset Management r11.2a
Unicenter Asset Management r11.2
Unicenter Asset Management r11.1 (GA, a, C1)
Unicenter Software Delivery r11.2 C1
Unicenter Software Delivery r11.2a
Unicenter Software Delivery r11.2
Unicenter Software Delivery r11.1 (GA, a, C1)
Unicenter Remote Control r11.2 C1
Unicenter Remote Control r11.2a
Unicenter Remote Control r11.2
Unicenter Remote Control r11.1 (GA, a, C1)
|
|
Aliases
|
|
References
|
http://www.securityfocus.com/bid/28268
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1472
|
|
Recommended Actions
|
|
See vendor's recommendation at https://support.ca.com/irj/portal/anonymous/phpdocs?filePath=0/common/DSM_ListCtr_secnot.html
|
|
