CERTA-2008-AVI-212
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité dans un contrôle ActiveX présent dans des produits Computer Associates permet l'exécution de code arbitraire à distance.
Description
Une vulnérabilité a été découverte dans le contrôle ActiveX DSM gui_cm_ctrls présent dans de nombreux produits Computer Associates. L'exploitation de cette vulnérabilité permet l'exécution de code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| N/A | N/A | CA Desktop Management Suite r11.2a ; | ||
| N/A | N/A | Unicenter Software Delivery r11.2 C1 ; | ||
| N/A | N/A | Unicenter Remote Control r11.2a ; | ||
| N/A | N/A | CA Desktop and Server Management r11.2a ; | ||
| N/A | N/A | CA Desktop Management Suite r11.1 (GA, a, C1) ; | ||
| N/A | N/A | Unicenter Asset Management r11.2 C1 ; | ||
| N/A | N/A | CA Desktop and Server Management r11.2 ; | ||
| N/A | N/A | CA Desktop and Server Management r11.1 (GA, a, C1) ; | ||
| N/A | N/A | Unicenter Software Delivery r11.2 ; | ||
| N/A | N/A | Unicenter Asset Management r11.2a ; | ||
| N/A | N/A | BrightStor ARCServe Backup for Laptops and Desktops r11.5 ; | ||
| N/A | N/A | Unicenter Desktop Management Bundle r11.2a ; | ||
| N/A | N/A | Unicenter Desktop Management Bundle r11.2 ; | ||
| N/A | N/A | Unicenter Asset Management r11.2 C2 ; | ||
| N/A | N/A | Unicenter Asset Management r11.1 (GA, a, C1) ; | ||
| N/A | N/A | CA Desktop Management Suite r11.2 C2 ; | ||
| N/A | N/A | Unicenter Remote Control r11.1 (GA, a, C1) ; | ||
| N/A | N/A | CA Desktop and Server Management r11.2 C2 ; | ||
| N/A | N/A | Unicenter Remote Control r11.2 C2 ; | ||
| N/A | N/A | CA Desktop and Server Management r11.2 C1 ; | ||
| N/A | N/A | CA Desktop Management Suite r11.2 C1 ; | ||
| N/A | N/A | Unicenter Desktop Management Bundle r11.1 (GA, a, C1) ; | ||
| N/A | N/A | Unicenter Remote Control r11.2 ; | ||
| N/A | N/A | Unicenter Remote Control r11.2 C1 ; | ||
| N/A | N/A | Unicenter Software Delivery r11.2a ; | ||
| N/A | N/A | Unicenter Asset Management r11.2 ; | ||
| N/A | N/A | Unicenter Software Delivery r11.1 (GA, a, C1) ; | ||
| N/A | N/A | Unicenter Software Delivery r11.2 C2 ; | ||
| N/A | N/A | CA Desktop Management Suite r11.2 ; | ||
| N/A | N/A | Unicenter Desktop Management Bundle r11.2 C2 ; | ||
| N/A | N/A | Unicenter Desktop Management Bundle r11.2 C1 ; |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "CA Desktop Management Suite r11.2a ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Unicenter Software Delivery r11.2 C1 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Unicenter Remote Control r11.2a ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "CA Desktop and Server Management r11.2a ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "CA Desktop Management Suite r11.1 (GA, a, C1) ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Unicenter Asset Management r11.2 C1 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "CA Desktop and Server Management r11.2 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "CA Desktop and Server Management r11.1 (GA, a, C1) ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Unicenter Software Delivery r11.2 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Unicenter Asset Management r11.2a ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "BrightStor ARCServe Backup for Laptops and Desktops r11.5 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Unicenter Desktop Management Bundle r11.2a ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Unicenter Desktop Management Bundle r11.2 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Unicenter Asset Management r11.2 C2 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Unicenter Asset Management r11.1 (GA, a, C1) ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "CA Desktop Management Suite r11.2 C2 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Unicenter Remote Control r11.1 (GA, a, C1) ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "CA Desktop and Server Management r11.2 C2 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Unicenter Remote Control r11.2 C2 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "CA Desktop and Server Management r11.2 C1 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "CA Desktop Management Suite r11.2 C1 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Unicenter Desktop Management Bundle r11.1 (GA, a, C1) ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Unicenter Remote Control r11.2 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Unicenter Remote Control r11.2 C1 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Unicenter Software Delivery r11.2a ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Unicenter Asset Management r11.2 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Unicenter Software Delivery r11.1 (GA, a, C1) ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Unicenter Software Delivery r11.2 C2 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "CA Desktop Management Suite r11.2 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Unicenter Desktop Management Bundle r11.2 C2 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Unicenter Desktop Management Bundle r11.2 C1 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans le contr\u00f4le ActiveX DSM\ngui_cm_ctrls pr\u00e9sent dans de nombreux produits Computer Associates.\nL\u0027exploitation de cette vuln\u00e9rabilit\u00e9 permet l\u0027ex\u00e9cution de code\narbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2008-1786",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1786"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Computer Associates du 15 avril 2008 :",
"url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=174256"
}
],
"reference": "CERTA-2008-AVI-212",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2008-04-17T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 dans un contr\u00f4le \u003cspan class=\"textit\"\u003eActiveX\u003c/span\u003e\npr\u00e9sent dans des produits \u003cspan class=\"textit\"\u003eComputer\nAssociates\u003c/span\u003e permet l\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans divers produits Computer Associates",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 CA du 15 avril 2008",
"url": null
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…