Check Point Advisories

Update Protection against CA Multiple Products ActiveX Control Buffer Overflow Vulnerability

Check Point Reference: CPAI-2008-232
Date Published: 31 Oct 2008
Severity: High
Last Updated: Tuesday 01 January, 2008
Source: Secunia Advisory: SA29408
Industry Reference: CVE-2008-1472
Protection Provided by:
Who is Vulnerable?
CA BrightStor ARCServe Backup for Laptops and Desktops 11.5
CA Desktop Management Suite 11.1 C1
CA Desktop Management Suite 11.1 GA
CA Desktop Management Suite 11.1a
CA Desktop Management Suite 11.2
CA Desktop Management Suite 11.2 C1
CA Desktop Management Suite 11.2a
CA Unicenter Asset Management 11.1 C1
CA Unicenter Asset Management 11.1 GA
CA Unicenter Asset Management 11.1a
CA Unicenter Asset Management 11.2
CA Unicenter Asset Management 11.2 C1
CA Unicenter Asset Management 11.2a
CA Unicenter Desktop Management Bundle 11.1 C1
CA Unicenter Desktop Management Bundle 11.1 GA
CA Unicenter Desktop Management Bundle 11.1a
CA Unicenter Desktop Management Bundle 11.2
CA Unicenter Desktop Management Bundle 11.2 C1
CA Unicenter Desktop Management Bundle 11.2a
CA Unicenter Remote Control 11.1 C1
CA Unicenter Remote Control 11.1 GA
CA Unicenter Remote Control 11.1a
CA Unicenter Remote Control 11.2
CA Unicenter Remote Control 11.2 C1
CA Unicenter Remote Control 11.2a
CA Unicenter Software Delivery 11.1 C1
CA Unicenter Software Delivery 11.1 GA
CA Unicenter Software Delivery 11.1a
CA Unicenter Software Delivery 11.2
CA Unicenter Software Delivery 11.2 C1
CA Unicenter Software Delivery 11.2a
Vulnerability Description

A vulnerability was reported in multiple Computer Associates (CA) products. These products are all intended for enhancing corporate and client security. The vulnerability is due to insufficient boundary checking of the parameters passed to the affected ActiveX control installed by the products listed below. To exploit the vulnerability, the attacker needs to entice the target user to visit a malicious web page. Successful exploitation would cause a buffer overflow that may allow for arbitrary code execution.

Vulnerability Details

The vulnerability mainly affects the following products:

• CA BrightStor ARCServe Backup for Laptops and Desktops
• CA Desktop Management Suite
• CA Unicenter Desktop Management Bundle
• CA Unicenter Software Delivery

By enticing a user to access a malicious Web page containing the crafted parameters, an attacker can trigger the vulnerability and execute remote code on the target system.  

Protection Overview
