CVE-2008-1472 – CA BrightStor ARCserve Backup - 'AddColumn()' ActiveX Buffer Overflow

https://notcve.org/view.php?id=CVE-2008-1472

Stack-based buffer overflow in the ListCtrl ActiveX Control (ListCtrl.ocx), as used in multiple CA products including BrightStor ARCserve Backup R11.5, Desktop Management Suite r11.1 through r11.2, and Unicenter products r11.1 through r11.2, allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long argument to the AddColumn method. Un desbordamiento de búfer en la región stack de la memoria en el control ActiveX ListCtrl (ListCtrl.ocx), como es usado en varios productos de CA, incluyendo BrightStor ARCserve Backup versión R11.5, Desktop Management Suite versiones r11.1 hasta r11.2 y productos Unicenter versiones r11.1 hasta r11. 2, permite a los atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (bloqueo) por medio de un argumento largo en el método AddColumn. The CA BrightStor ARCserve Backup ActiveX control (ListCtrl.ocx) is vulnerable to a stack-based buffer overflow. By passing an overly long argument to the AddColumn() method, a remote attacker could overflow a buffer and execute arbitrary code on the system. • https://www.exploit-db.com/exploits/16577 https://www.exploit-db.com/exploits/5264 http://community.ca.com/blogs/casecurityresponseblog/archive/2008/3/28.aspx http://secunia.com/advisories/29408 http://www.securityfocus.com/archive/1/489893/100/0/threaded http://www.securityfocus.com/archive/1/490263/100/0/threaded http://www.securityfocus.com/bid/28268 http://www.securitytracker.com/id?1019617 http://www.vupen.com/english/advisories/2008/0902/references https://exchange. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •