CVE-2008-1472

Sažetak

Stack-based buffer overflow in the ListCtrl ActiveX Control (ListCtrl.ocx), as used in multiple CA products including BrightStor ARCserve Backup R11.5, Desktop Management Suite r11.1 through r11.2, and Unicenter products r11.1 through r11.2, allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long argument to the AddColumn method.

Reference

http://community.ca.com/blogs/casecurityresponseblog/archive/2008/3/28.aspx
http://secunia.com/advisories/29408
http://www.securityfocus.com/archive/1/489893/100/0/threaded
http://www.securityfocus.com/archive/1/490263/100/0/threaded
http://www.securityfocus.com/bid/28268
http://www.securitytracker.com/id?1019617
http://www.vupen.com/english/advisories/2008/0902/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41225
https://www.exploit-db.com/exploits/5264

CVSS

Base:	9.3
Impact:	10.0
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

11-10-2018 - 20:34

Objavljeno

24-03-2008 - 22:44