FKIE_CVE-2008-1472

Vulnerability from fkie_nvd - Published: 2008-03-24 22:44 - Updated: 2025-04-09 00:30
Severity ?
Summary
Stack-based buffer overflow in the ListCtrl ActiveX Control (ListCtrl.ocx), as used in multiple CA products including BrightStor ARCserve Backup R11.5, Desktop Management Suite r11.1 through r11.2, and Unicenter products r11.1 through r11.2, allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long argument to the AddColumn method.
References
cve@mitre.orghttp://community.ca.com/blogs/casecurityresponseblog/archive/2008/3/28.aspx
cve@mitre.orghttp://secunia.com/advisories/29408Vendor Advisory
cve@mitre.orghttp://www.securityfocus.com/archive/1/489893/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/490263/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/28268Exploit
cve@mitre.orghttp://www.securitytracker.com/id?1019617
cve@mitre.orghttp://www.vupen.com/english/advisories/2008/0902/referencesVendor Advisory
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/41225
cve@mitre.orghttps://www.exploit-db.com/exploits/5264
af854a3a-2127-422b-91ae-364da2661108http://community.ca.com/blogs/casecurityresponseblog/archive/2008/3/28.aspx
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/29408Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/489893/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/490263/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/28268Exploit
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1019617
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/0902/referencesVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/41225
af854a3a-2127-422b-91ae-364da2661108https://www.exploit-db.com/exploits/5264
Impacted products
Vendor Product Version
computer_associates brightstor_arcserve_backup_laptops_desktops 11.5
computer_associates desktop_management_suite r11.1
computer_associates desktop_management_suite r11.1
computer_associates desktop_management_suite r11.1
computer_associates desktop_management_suite r11.2
computer_associates unicenter_dsm_r11_list_control_atx 11.2.3.1895
unicenter asset_management r11.1
unicenter asset_management r11.1
unicenter asset_management r11.1
unicenter asset_management r11.2
unicenter asset_management r11.2
unicenter asset_management r11.2
unicenter desktop_management_bundle r11.1
unicenter desktop_management_bundle r11.1
unicenter desktop_management_bundle r11.1
unicenter desktop_management_bundle r11.2
unicenter desktop_management_bundle r11.2
unicenter desktop_management_bundle r11.2
unicenter remote_control r11.1
unicenter remote_control r11.1
unicenter remote_control r11.1
unicenter remote_control r11.2
unicenter remote_control r11.2
unicenter remote_control r11.2
unicenter software_delivery r11.1
unicenter software_delivery r11.1
unicenter software_delivery r11.1
unicenter software_delivery r11.2
unicenter software_delivery r11.2
unicenter software_delivery r11.2
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:computer_associates:brightstor_arcserve_backup_laptops_desktops:11.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CB967E4-2CE5-4283-A798-2C083AFB5B56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:computer_associates:desktop_management_suite:r11.1:a:*:*:*:*:*:*",
              "matchCriteriaId": "B8FAF118-7DCB-4F6E-8645-102ED226828B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:computer_associates:desktop_management_suite:r11.1:c1:*:*:*:*:*:*",
              "matchCriteriaId": "04E5D3CF-9015-4D84-A498-25120C4DDC4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:computer_associates:desktop_management_suite:r11.1:ga:*:*:*:*:*:*",
              "matchCriteriaId": "0BC9155B-394F-4DB0-ACEE-CFF62E03A44A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:computer_associates:desktop_management_suite:r11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEBE5366-CEDA-4CF2-9625-13E9D9E93B41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:computer_associates:unicenter_dsm_r11_list_control_atx:11.2.3.1895:*:*:*:*:*:*:*",
              "matchCriteriaId": "C68A1807-ED3A-4E7B-84BF-BB6AD0916174",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:unicenter:asset_management:r11.1:a:*:*:*:*:*:*",
              "matchCriteriaId": "21C1E9A1-00F4-4866-9899-D644BD1E6E65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:unicenter:asset_management:r11.1:c1:*:*:*:*:*:*",
              "matchCriteriaId": "7A89E3C3-861F-41DE-B46C-776E4BDC6F16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:unicenter:asset_management:r11.1:ga:*:*:*:*:*:*",
              "matchCriteriaId": "170FCD6A-792C-452D-97E3-FE9A354D95D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:unicenter:asset_management:r11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B9F9C9B-CD0E-42B6-B654-EE9E16A93790",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:unicenter:asset_management:r11.2:a:*:*:*:*:*:*",
              "matchCriteriaId": "EBD24EBE-2942-4A0D-9481-FEC5BE9C94C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:unicenter:asset_management:r11.2:c1:*:*:*:*:*:*",
              "matchCriteriaId": "80486731-420B-4B2F-B2C3-B40E0C57ACFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:unicenter:desktop_management_bundle:r11.1:a:*:*:*:*:*:*",
              "matchCriteriaId": "D4E67182-4AC8-4094-AC4F-815E40AE82E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:unicenter:desktop_management_bundle:r11.1:c1:*:*:*:*:*:*",
              "matchCriteriaId": "E2A6834E-2E6C-4DC6-B8F7-BB3FE643BE5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:unicenter:desktop_management_bundle:r11.1:ga:*:*:*:*:*:*",
              "matchCriteriaId": "1D4976C0-DF5F-4A7E-AEC1-6C90E82F5047",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:unicenter:desktop_management_bundle:r11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C03C0146-12CF-437E-B13A-C13FC06EC0F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:unicenter:desktop_management_bundle:r11.2:a:*:*:*:*:*:*",
              "matchCriteriaId": "C2FE92F0-0F01-455F-8A13-1FC8E65F2117",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:unicenter:desktop_management_bundle:r11.2:c1:*:*:*:*:*:*",
              "matchCriteriaId": "078BC506-4092-4FE4-8AD2-1DDD92848852",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:unicenter:remote_control:r11.1:a:*:*:*:*:*:*",
              "matchCriteriaId": "B1607DE7-0078-4BF3-8E28-59F1CBC7775A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:unicenter:remote_control:r11.1:c1:*:*:*:*:*:*",
              "matchCriteriaId": "F0834E9C-2B65-4AB9-B4A7-410282967975",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:unicenter:remote_control:r11.1:ga:*:*:*:*:*:*",
              "matchCriteriaId": "71B90EAA-275B-4E9E-B254-C4EC8158939F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:unicenter:remote_control:r11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C3338E5-87AC-4D7C-96EF-38A8B43D0060",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:unicenter:remote_control:r11.2:a:*:*:*:*:*:*",
              "matchCriteriaId": "CCD51973-2876-44AD-8FC5-0469267E71C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:unicenter:remote_control:r11.2:c1:*:*:*:*:*:*",
              "matchCriteriaId": "860B437B-5C99-421D-BAAE-56F583DAA532",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:unicenter:software_delivery:r11.1:a:*:*:*:*:*:*",
              "matchCriteriaId": "7AF37FA7-6556-49FC-B7C9-D5530BDA00D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:unicenter:software_delivery:r11.1:c1:*:*:*:*:*:*",
              "matchCriteriaId": "92EBC724-75AB-4201-AD97-1A05A7F46941",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:unicenter:software_delivery:r11.1:ga:*:*:*:*:*:*",
              "matchCriteriaId": "50BCB284-7A16-4EAE-A8DF-9C432CD71490",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:unicenter:software_delivery:r11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "174BBEAB-EE21-4CBC-BE54-E51A4DD95D28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:unicenter:software_delivery:r11.2:a:*:*:*:*:*:*",
              "matchCriteriaId": "57EC5134-D419-44A2-885C-72CB7724F0E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:unicenter:software_delivery:r11.2:c1:*:*:*:*:*:*",
              "matchCriteriaId": "4CDB0DF2-6160-4059-B379-78E45B4E8D4D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Stack-based buffer overflow in the ListCtrl ActiveX Control (ListCtrl.ocx), as used in multiple CA products including BrightStor ARCserve Backup R11.5, Desktop Management Suite r11.1 through r11.2, and Unicenter products r11.1 through r11.2, allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long argument to the AddColumn method."
    },
    {
      "lang": "es",
      "value": "Un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en el control ActiveX ListCtrl (ListCtrl.ocx), como es usado en varios productos de CA, incluyendo BrightStor ARCserve Backup versi\u00f3n R11.5, Desktop Management Suite versiones r11.1 hasta r11.2 y productos Unicenter versiones r11.1 hasta r11. 2, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (bloqueo) por medio de un argumento largo en el m\u00e9todo AddColumn."
    }
  ],
  "id": "CVE-2008-1472",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-03-24T22:44:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2008/3/28.aspx"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29408"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/489893/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/490263/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/28268"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1019617"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/0902/references"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41225"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/5264"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2008/3/28.aspx"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29408"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/489893/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/490263/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/28268"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1019617"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/0902/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41225"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/5264"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.