Vulnerability CVE-2008-1472 - CERT Civis.Net

Vulnerability Name:

CVE-2008-1472 (CCN-41225)

Assigned:

2008-03-16

Published:

2008-03-16

Updated:

2018-10-11

Summary:

Stack-based buffer overflow in the ListCtrl ActiveX Control (ListCtrl.ocx), as used in multiple CA products including BrightStor ARCserve Backup R11.5, Desktop Management Suite r11.1 through r11.2, and Unicenter products r11.1 through r11.2, allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long argument to the AddColumn method.

CVSS v3 Severity:

10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
7.7 High (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
7.7 High (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: CCN
Type: Full-Disclosure Mailing List, Fri Mar 28 2008 - 08:17:43 CDT
CA Multiple Products DSM ListCtrl ActiveX Control Buffer Overflow Vulnerability

Source: CONFIRM
Type: UNKNOWN
http://community.ca.com/blogs/casecurityresponseblog/archive/2008/3/28.aspx

Source: MITRE
Type: CNA
CVE-2008-1472

Source: CCN
Type: SA29408
CA BrightStor ARCserve Backup "ListCtrl" ActiveX Control Buffer Overflow

Source: SECUNIA
Type: Vendor Advisory
29408

Source: CCN
Type: SECTRACK ID: 1019617
CA ARCserve Backup for Laptops and Desktops Buffer Overflow in AddColumn() Lets Remote Users Execute Arbitrary Code

Source: CCN
Type: OSVDB ID: 43214
CA Multiple Products DSM ListCtrl ActiveX (ListCtrl.ocx) AddColumn() Method Overflow

Source: BUGTRAQ
Type: UNKNOWN
20080320 Note about recently publicized CA BrightStor ActiveX exploit code

Source: BUGTRAQ
Type: UNKNOWN
20080328 CA Multiple Products DSM ListCtrl ActiveX Control Buffer Overflow Vulnerability

Source: BID
Type: Exploit
28268

Source: CCN
Type: BID-28268
CA BrightStor 'AddColumn()' ListCtrl.ocx ActiveX Control Buffer Overflow Vulnerability

Source: SECTRACK
Type: UNKNOWN
1019617

Source: VUPEN
Type: Vendor Advisory
ADV-2008-0902

Source: XF
Type: UNKNOWN
ca-arcserve-listctrl-bo(41225)

Source: XF
Type: UNKNOWN
ca-arcserve-listctrl-bo(41225)

Source: CCN
Type: CA Web site
CA products using the DSM ListCtrl ActiveX control Security Notice

Source: EXPLOIT-DB
Type: UNKNOWN
5264

Source: CCN
Type: Rapid7 Vulnerability and Exploit Database [03-16-2008]
CA BrightStor ARCserve Backup AddColumn() ActiveX Buffer Overflow

Vulnerable Configuration:

Configuration 1:

cpe:/a:computer_associates:brightstor_arcserve_backup_laptops_desktops:11.5:*:*:*:*:*:*:*

OR cpe:/a:computer_associates:desktop_management_suite:r11.1:a:*:*:*:*:*:*

OR cpe:/a:computer_associates:desktop_management_suite:r11.1:c1:*:*:*:*:*:*

OR cpe:/a:computer_associates:desktop_management_suite:r11.1:ga:*:*:*:*:*:*

OR cpe:/a:computer_associates:desktop_management_suite:r11.2:*:*:*:*:*:*:*

OR cpe:/a:computer_associates:unicenter_dsm_r11_list_control_atx:11.2.3.1895:*:*:*:*:*:*:*

OR cpe:/a:unicenter:asset_management:r11.1:a:*:*:*:*:*:*

OR cpe:/a:unicenter:asset_management:r11.1:c1:*:*:*:*:*:*

OR cpe:/a:unicenter:asset_management:r11.1:ga:*:*:*:*:*:*

OR cpe:/a:unicenter:asset_management:r11.2:*:*:*:*:*:*:*

OR cpe:/a:unicenter:asset_management:r11.2:a:*:*:*:*:*:*

OR cpe:/a:unicenter:asset_management:r11.2:c1:*:*:*:*:*:*

OR cpe:/a:unicenter:desktop_management_bundle:r11.1:a:*:*:*:*:*:*

OR cpe:/a:unicenter:desktop_management_bundle:r11.1:c1:*:*:*:*:*:*

OR cpe:/a:unicenter:desktop_management_bundle:r11.1:ga:*:*:*:*:*:*

OR cpe:/a:unicenter:desktop_management_bundle:r11.2:*:*:*:*:*:*:*

OR cpe:/a:unicenter:desktop_management_bundle:r11.2:a:*:*:*:*:*:*

OR cpe:/a:unicenter:desktop_management_bundle:r11.2:c1:*:*:*:*:*:*

OR cpe:/a:unicenter:remote_control:r11.1:a:*:*:*:*:*:*

OR cpe:/a:unicenter:remote_control:r11.1:c1:*:*:*:*:*:*

OR cpe:/a:unicenter:remote_control:r11.1:ga:*:*:*:*:*:*

OR cpe:/a:unicenter:remote_control:r11.2:*:*:*:*:*:*:*

OR cpe:/a:unicenter:remote_control:r11.2:a:*:*:*:*:*:*

OR cpe:/a:unicenter:remote_control:r11.2:c1:*:*:*:*:*:*

OR cpe:/a:unicenter:software_delivery:r11.1:a:*:*:*:*:*:*

OR cpe:/a:unicenter:software_delivery:r11.1:c1:*:*:*:*:*:*

OR cpe:/a:unicenter:software_delivery:r11.1:ga:*:*:*:*:*:*

OR cpe:/a:unicenter:software_delivery:r11.2:*:*:*:*:*:*:*

OR cpe:/a:unicenter:software_delivery:r11.2:a:*:*:*:*:*:*

OR cpe:/a:unicenter:software_delivery:r11.2:c1:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.5:*:*:*:*:*:*:*

OR cpe:/a:broadcom:desktop_management_suite:11.2:*:*:*:*:*:*:*

Denotes that component is vulnerable