CVE-2008-1472

Stack-based buffer overflow in the ListCtrl ActiveX Control (ListCtrl.ocx), as used in multiple CA products including BrightStor ARCserve Backup R11.5, Desktop Management Suite r11.1 through r11.2, and Unicenter products r11.1 through r11.2, allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long argument to the AddColumn method.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 98%
VendorProductVersion
computer_associatesbrightstor_arcserve_backup_laptops_desktops
11.5
computer_associatesdesktop_management_suite
r11.1:a
computer_associatesdesktop_management_suite
r11.1:c1
computer_associatesdesktop_management_suite
r11.1:ga
computer_associatesdesktop_management_suite
r11.2
computer_associatesunicenter_dsm_r11_list_control_atx
11.2.3.1895
unicenterasset_management
r11.1:a
unicenterasset_management
r11.1:c1
unicenterasset_management
r11.1:ga
unicenterasset_management
r11.2
unicenterasset_management
r11.2:a
unicenterasset_management
r11.2:c1
unicenterdesktop_management_bundle
r11.1:a
unicenterdesktop_management_bundle
r11.1:c1
unicenterdesktop_management_bundle
r11.1:ga
unicenterdesktop_management_bundle
r11.2
unicenterdesktop_management_bundle
r11.2:a
unicenterdesktop_management_bundle
r11.2:c1
unicenterremote_control
r11.1:a
unicenterremote_control
r11.1:c1
unicenterremote_control
r11.1:ga
unicenterremote_control
r11.2
unicenterremote_control
r11.2:a
unicenterremote_control
r11.2:c1
unicentersoftware_delivery
r11.1:a
unicentersoftware_delivery
r11.1:c1
unicentersoftware_delivery
r11.1:ga
unicentersoftware_delivery
r11.2
unicentersoftware_delivery
r11.2:a
unicentersoftware_delivery
r11.2:c1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://community.ca.com/blogs/casecurityresponseblog/archive/2008/3/28.aspx
http://secunia.com/advisories/29408
http://www.securityfocus.com/archive/1/489893/100/0/threaded
http://www.securityfocus.com/archive/1/490263/100/0/threaded
http://www.securityfocus.com/bid/28268
http://www.securitytracker.com/id?1019617
http://www.vupen.com/english/advisories/2008/0902/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41225
https://www.exploit-db.com/exploits/5264
http://community.ca.com/blogs/casecurityresponseblog/archive/2008/3/28.aspx
http://secunia.com/advisories/29408
http://www.securityfocus.com/archive/1/489893/100/0/threaded
http://www.securityfocus.com/archive/1/490263/100/0/threaded
http://www.securityfocus.com/bid/28268
http://www.securitytracker.com/id?1019617
http://www.vupen.com/english/advisories/2008/0902/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41225
https://www.exploit-db.com/exploits/5264