Vulnerability Name:

CVE-2008-1786 (CCN-41853)

Assigned:2008-04-15
Published:2008-04-15
Updated:2018-10-11
Summary:The DSM gui_cm_ctrls ActiveX control (gui_cm_ctrls.ocx), as used in multiple CA products including BrightStor ARCServe Backup for Laptops and Desktops r11.5, Desktop Management Suite r11.1 through r11.2 C2; Unicenter r11.1 through r11.2 C2; and Desktop and Server Management r11.1 through r11.2 C2 allows remote attackers to execute arbitrary code via crafted function arguments.
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-94
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: CA Security Response Blog, 2008-04-15
CA DSM gui_cm_ctrls ActiveX Control Vulnerability

Source: CONFIRM
Type: Patch, Vendor Advisory
http://community.ca.com/blogs/casecurityresponseblog/archive/2008/04/16/ca-dsm-gui-cm-ctrls-activex-control-vulnerability.aspx

Source: MITRE
Type: CNA
CVE-2008-1786

Source: CCN
Type: SA29837
CA Products DSM gui_cm_ctrls ActiveX Control Code Execution

Source: SECUNIA
Type: Vendor Advisory
29837

Source: CCN
Type: SECTRACK ID: 1019872
CA ARCserve Backup for Laptops and Desktops Bug in gui_cm_ctrls ActiveX Control Lets Remote Users Execute Arbitrary Code

Source: CCN
Type: US-CERT VU#684883
CA Unicenter DSM ITRM Legends ActiveX integer overflow

Source: CERT-VN
Type: US Government Resource
VU#684883

Source: CCN
Type: OSVDB ID: 44423
CA Multiple Products DSM gui_cm_ctrls ActiveX (gui_cm_ctrls.ocx) Crafted Function Arguments Arbitrary Code Execution

Source: BUGTRAQ
Type: UNKNOWN
20080416 CA DSM gui_cm_ctrls ActiveX Control Vulnerability

Source: BID
Type: Patch
28809

Source: CCN
Type: BID-28809
Computer Associates DSM 'gui_cm_ctrls.ocx' ActiveX Control Remote Code Execution Vulnerability

Source: SECTRACK
Type: UNKNOWN
1019872

Source: VUPEN
Type: Vendor Advisory
ADV-2008-1249

Source: XF
Type: UNKNOWN
ca-dsmguicmctrls-code-execution(41853)

Source: XF
Type: UNKNOWN
ca-dsmguicmctrls-code-execution(41853)

Source: CCN
Type: CA SupportConnect Web site
Security Notice for CA products using the DSM gui_cm_ctrls ActiveX control

Source: CONFIRM
Type: Patch, Vendor Advisory
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=174256

Vulnerable Configuration:Configuration 1:
  • cpe:/a:computer_associates:arcserve_backup_laptops_and_desktops:r11.5:*:*:*:*:*:*:*
  • OR cpe:/a:computer_associates:desktop_and_server_management:r11.1:*:*:*:*:*:*:*
  • OR cpe:/a:computer_associates:desktop_and_server_management:r11.2:*:*:*:*:*:*:*
  • OR cpe:/a:computer_associates:desktop_and_server_management:r11.2a:*:*:*:*:*:*:*
  • OR cpe:/a:computer_associates:desktop_and_server_management:r11.2c1:*:*:*:*:*:*:*
  • OR cpe:/a:computer_associates:desktop_and_server_management:r11.2c2:*:*:*:*:*:*:*
  • OR cpe:/a:computer_associates:desktop_management_suite:r11.2:*:*:*:*:*:*:*
  • OR cpe:/a:computer_associates:desktop_management_suite:r11.2a:*:*:*:*:*:*:*
  • OR cpe:/a:computer_associates:desktop_management_suite:r11.2c1:*:*:*:*:*:*:*
  • OR cpe:/a:computer_associates:desktop_management_suite:r11.2c2:*:*:*:*:*:*:*
  • OR cpe:/a:computer_associates:unicenter_asset_management:r11.1:*:*:*:*:*:*:*
  • OR cpe:/a:computer_associates:unicenter_asset_management:r11.2:*:*:*:*:*:*:*
  • OR cpe:/a:computer_associates:unicenter_asset_management:r11.2a:*:*:*:*:*:*:*
  • OR cpe:/a:computer_associates:unicenter_asset_management:r11.2c1:*:*:*:*:*:*:*
  • OR cpe:/a:computer_associates:unicenter_asset_management:r11.2c2:*:*:*:*:*:*:*
  • OR cpe:/a:computer_associates:unicenter_desktop_management_bundle:r11.1:*:*:*:*:*:*:*
  • OR cpe:/a:computer_associates:unicenter_desktop_management_bundle:r11.2:*:*:*:*:*:*:*
  • OR cpe:/a:computer_associates:unicenter_desktop_management_bundle:r11.2a:*:*:*:*:*:*:*
  • OR cpe:/a:computer_associates:unicenter_desktop_management_bundle:r11.2c1:*:*:*:*:*:*:*
  • OR cpe:/a:computer_associates:unicenter_desktop_management_bundle:r11.2c2:*:*:*:*:*:*:*
  • OR cpe:/a:computer_associates:unicenter_remote_control:r11.1:*:*:*:*:*:*:*
  • OR cpe:/a:computer_associates:unicenter_remote_control:r11.2:*:*:*:*:*:*:*
  • OR cpe:/a:computer_associates:unicenter_remote_control:r11.2a:*:*:*:*:*:*:*
  • OR cpe:/a:computer_associates:unicenter_remote_control:r11.2c1:*:*:*:*:*:*:*
  • OR cpe:/a:computer_associates:unicenter_remote_control:r11.2c2:*:*:*:*:*:*:*
  • OR cpe:/a:computer_associates:unicenter_software_delivery:r11.1:*:*:*:*:*:*:*
  • OR cpe:/a:computer_associates:unicenter_software_delivery:r11.2:*:*:*:*:*:*:*
  • OR cpe:/a:computer_associates:unicenter_software_delivery:r11.2a:*:*:*:*:*:*:*
  • OR cpe:/a:computer_associates:unicenter_software_delivery:r11.2c1:*:*:*:*:*:*:*
  • OR cpe:/a:computer_associates:unicenter_software_delivery:r11.2c2:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.5:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:desktop_management_suite:11.2:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    computer_associates arcserve backup laptops and desktops r11.5
    computer_associates desktop and server management r11.1
    computer_associates desktop and server management r11.2
    computer_associates desktop and server management r11.2a
    computer_associates desktop and server management r11.2c1
    computer_associates desktop and server management r11.2c2
    computer_associates desktop management suite r11.2
    computer_associates desktop management suite r11.2a
    computer_associates desktop management suite r11.2c1
    computer_associates desktop management suite r11.2c2
    computer_associates unicenter asset management r11.1
    computer_associates unicenter asset management r11.2
    computer_associates unicenter asset management r11.2a
    computer_associates unicenter asset management r11.2c1
    computer_associates unicenter asset management r11.2c2
    computer_associates unicenter desktop management bundle r11.1
    computer_associates unicenter desktop management bundle r11.2
    computer_associates unicenter desktop management bundle r11.2a
    computer_associates unicenter desktop management bundle r11.2c1
    computer_associates unicenter desktop management bundle r11.2c2
    computer_associates unicenter remote control r11.1
    computer_associates unicenter remote control r11.2
    computer_associates unicenter remote control r11.2a
    computer_associates unicenter remote control r11.2c1
    computer_associates unicenter remote control r11.2c2
    computer_associates unicenter software delivery r11.1
    computer_associates unicenter software delivery r11.2
    computer_associates unicenter software delivery r11.2a
    computer_associates unicenter software delivery r11.2c1
    computer_associates unicenter software delivery r11.2c2
    ca brightstor arcserve backup laptops desktops 11.5
    ca desktop management suite 11.2