Zero-Day Tracker
Common Name:
CA Unicenter DSM ActiveX AddColumn() Buffer Overflow
Date Disclosed:
3/16/2008
Date Patched:
3/27/2008
Vendor:
Computer Associates (CA)
Application:
BrightStor ARCserve Backup for Laptops & Desktops r11.5
Other BrightStor installations may also be vulnerable.
Description:
A zero-day exploit has been released for the Unicenter DSM (ListCtrl) ActiveX control shipped with CA BrightStor ARCserve Backup for Laptops & Desktops. This ActiveX control is installed by default as part of the BrightStor package.
Severity:
High
Code Execution:
Yes
Impact:
Arbitrary code execution in the context of the logged-in user
ActiveX remote code execution vulnerabilities have a very high impact because the malicious payload can be served from any site on the Internet. The problem is even more critical when users are administrators on their local hosts, since the payload then runs with Administrator credentials.
Mitigation:
The best mitigation is to set the kill bit for the CLSID of the Unicenter DSM ActiveX Control (BF6EFFF3-4558-4C4C-ADAF-A87891C5F3A3), following the directions in Microsoft KB240797. This prevents web pages from instantiating the control in Internet Explorer, thereby mitigating these specific vulnerabilities.
Protection:
- eEye's Blink® Personal Edition protects against this vulnerability.
- eEye's Blink® Professional Edition protects against this vulnerability.
- eEye's Retina® Network Security Scanner scans devices to detect this vulnerability.
Patch:
CA products using the DSM ListCtrl ActiveX control Security Notice
Links:
Original Proof-Of-Concept (Code Execution - Calc.exe)
Status:
3/16/2008 Proof-Of-Concept Exploit Released
