Vulnerability Description
Stack-based buffer overflow in the ListCtrl ActiveX Control (ListCtrl.ocx), as used in multiple CA products including BrightStor ARCserve Backup R11.5, Desktop Management Suite r11.1 through r11.2, and Unicenter products r11.1 through r11.2, allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long argument to the AddColumn method.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Computer Associates | Brightstor Arcserve Backup Laptops Desktops | 11.5 |
| Computer Associates | Desktop Management Suite | r11.1 |
| Computer Associates | Unicenter Dsm R11 List Control Atx | 11.2.3.1895 |
| Unicenter | Asset Management | r11.1 |
| Unicenter | Desktop Management Bundle | r11.1 |
| Unicenter | Remote Control | r11.1 |
| Unicenter | Software Delivery | r11.1 |
Related Weaknesses (CWE)
References
- http://community.ca.com/blogs/casecurityresponseblog/archive/2008/3/28.aspx
- http://secunia.com/advisories/29408Vendor Advisory
- http://www.securityfocus.com/archive/1/489893/100/0/threaded
- http://www.securityfocus.com/archive/1/490263/100/0/threaded
- http://www.securityfocus.com/bid/28268Exploit
- http://www.securitytracker.com/id?1019617
- http://www.vupen.com/english/advisories/2008/0902/referencesVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41225
- https://www.exploit-db.com/exploits/5264
- http://community.ca.com/blogs/casecurityresponseblog/archive/2008/3/28.aspx
- http://secunia.com/advisories/29408Vendor Advisory
- http://www.securityfocus.com/archive/1/489893/100/0/threaded
- http://www.securityfocus.com/archive/1/490263/100/0/threaded
- http://www.securityfocus.com/bid/28268Exploit
- http://www.securitytracker.com/id?1019617
FAQ
What is CVE-2008-1472?
CVE-2008-1472 is a vulnerability with a CVSS score of 9.3 (HIGH). Stack-based buffer overflow in the ListCtrl ActiveX Control (ListCtrl.ocx), as used in multiple CA products including BrightStor ARCserve Backup R11.5, Desktop Management Suite r11.1 through r11.2, an...
How severe is CVE-2008-1472?
CVE-2008-1472 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-1472?
Check the references section above for vendor advisories and patch information. Affected products include: Computer Associates Brightstor Arcserve Backup Laptops Desktops, Computer Associates Desktop Management Suite, Computer Associates Unicenter Dsm R11 List Control Atx, Unicenter Asset Management, Unicenter Desktop Management Bundle.