Intrusion Prevention

CA.BrightStor.ARCserve.Backup.AddColumn.ActiveX.Buffer.Overflow

Description

This indicates an attempt to exploit a buffer overflow vulnerability in CA BrightStor.
The vulnerability is in the "LISTCTRL.ListCtrlCtrl.1" ActiveX control in ListCtrl.ocx. It results from the application's failure to bounds-check user-supplied input, leading to a buffer overflow. As a result, a remote attacker may be able to execute arbitrary code and gain control of vulnerable systems.

Affected Products

BrightStor ARCServe Backup for Laptops and Desktops r11.5
CA Desktop Management Suite r11.2 C1
CA Desktop Management Suite r11.2a
CA Desktop Management Suite r11.2
CA Desktop Management Suite r11.1 (GA, a, C1)
Unicenter Desktop Management Bundle r11.2 C1
Unicenter Desktop Management Bundle r11.2a
Unicenter Desktop Management Bundle r11.2
Unicenter Desktop Management Bundle r11.1 (GA, a, C1)
Unicenter Asset Management r11.2 C1
Unicenter Asset Management r11.2a
Unicenter Asset Management r11.2
Unicenter Asset Management r11.1 (GA, a, C1)
Unicenter Software Delivery r11.2 C1
Unicenter Software Delivery r11.2a
Unicenter Software Delivery r11.2
Unicenter Software Delivery r11.1 (GA, a, C1)
Unicenter Remote Control r11.2 C1
Unicenter Remote Control r11.2a
Unicenter Remote Control r11.2
Unicenter Remote Control r11.1 (GA, a, C1)

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Refer to the vendor's web site for the suggested workaround:
https://support.ca.com/irj/portal/anonymous/phpdocs?filePath=0/common/DSM_ListCtr_secnot.html
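
To see whether a host is exposed to the control named in the description, the following PowerShell audit checks whether "LISTCTRL.ListCtrlCtrl.1" is registered and whether Internet Explorer's kill bit is set for it. This is an added example, not code from the vendor or from this signature's author; the kill bit is a general ActiveX mitigation and is assumed here rather than taken from the vendor's notice. The CLSID is read from the local registry because this page does not list it.

```powershell
# Added example: audit registration and kill-bit state of the ActiveX control.
$ProgId = 'LISTCTRL.ListCtrlCtrl.1'   # ProgID taken from the description above

function Get-ControlClsid {
    # Resolve a ProgID to its CLSID from the local registry; $null if not registered.
    param([string]$ProgId)
    $key = "Registry::HKEY_CLASSES_ROOT\$ProgId\CLSID"
    if (-not (Test-Path -LiteralPath $key)) { return $null }
    (Get-ItemProperty -LiteralPath $key).'(default)'
}

function Test-KillBit {
    # Report the "Compatibility Flags" value for a CLSID in both registry views.
    # Bit 0x400 is the kill bit: when set, Internet Explorer refuses to load the control.
    param([string]$Clsid)
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
    )
    foreach ($root in $roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }  # Wow6432Node is absent on 32-bit Windows
        $key   = Join-Path $root $Clsid
        $flags = 0                                             # no key or value means no kill bit
        if (Test-Path -LiteralPath $key) {
            $p = Get-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
            if ($p) { $flags = [int]$p.'Compatibility Flags' }
        }
        [pscustomobject]@{
            Key        = $key
            Flags      = '0x{0:X8}' -f $flags
            KillBitSet = (($flags -band 0x400) -ne 0)
        }
    }
}

$clsid = Get-ControlClsid -ProgId $ProgId
if (-not $clsid) {
    Write-Output "$ProgId is not registered in this registry view."
} else {
    Write-Output "$ProgId resolves to $clsid"
    Test-KillBit -Clsid $clsid | Format-Table -AutoSize
}
```

On 64-bit Windows, run it from both 64-bit and 32-bit PowerShell if the first run reports the control as not registered, since a 32-bit control may be visible only in the 32-bit view.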

CVE References

CVE-2008-1472