CVE-2008-1786

Severity Score

9.3

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The DSM gui_cm_ctrls ActiveX control (gui_cm_ctrls.ocx), as used in multiple CA products including BrightStor ARCServe Backup for Laptops and Desktops r11.5, Desktop Management Suite r11.1 through r11.2 C2; Unicenter r11.1 through r11.2 C2; and Desktop and Server Management r11.1 through r11.2 C2 allows remote attackers to execute arbitrary code via crafted function arguments.

El control ActiveX DSM gui_cm_ctrls (archivo gui_cm_ctrls.ocx), tal y como es usado en distintos productos de CA, incluyendo a BrightStor ARCServe Backup for Laptops and Desktops versión r11.5, Desktop Management Suite versiones r11.1 hasta r11.2 C2; Unicenter versiones r11.1 hasta r11.2 C2; y Desktop and Server Management versiones r11.1 hasta r11.2 C2, permite a los atacantes remotos ejecutar código arbitrario por medio de argumentos de función diseñados.

*Credits: N/A

CVSS Scores

NISTv2 9.3

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2008-04-15 CVE Reserved
2008-04-16 CVE Published
2024-08-07 CVE Updated
2024-09-18 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-94: Improper Control of Generation of Code ('Code Injection')

CAPEC

References (9)

URL	Tag	Source
http://www.kb.cert.org/vuls/id/684883	Third Party Advisory
http://www.securityfocus.com/archive/1/490959/100/0/threaded	Mailing List
http://www.securitytracker.com/id?1019872	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/41853	Vdb Entry

URL	Date	SRC

URL	Date	SRC
http://community.ca.com/blogs/casecurityresponseblog/archive/2008/04/16/ca-dsm-gui-cm-ctrls-activex-control-vulnerability.aspx	2018-10-11
http://www.securityfocus.com/bid/28809	2018-10-11
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=174256	2018-10-11

URL	Date	SRC
http://secunia.com/advisories/29837	2018-10-11
http://www.vupen.com/english/advisories/2008/1249/references	2018-10-11

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Computer Associates Search vendor "Computer Associates"		Arcserve Backup Laptops And Desktops Search vendor "Computer Associates" for product "Arcserve Backup Laptops And Desktops"				r11.5 Search vendor "Computer Associates" for product "Arcserve Backup Laptops And Desktops" and version "r11.5"		-		Affected
Computer Associates Search vendor "Computer Associates"		Desktop And Server Management Search vendor "Computer Associates" for product "Desktop And Server Management"				r11.1 Search vendor "Computer Associates" for product "Desktop And Server Management" and version "r11.1"		-		Affected
Computer Associates Search vendor "Computer Associates"		Desktop And Server Management Search vendor "Computer Associates" for product "Desktop And Server Management"				r11.2 Search vendor "Computer Associates" for product "Desktop And Server Management" and version "r11.2"		-		Affected
Computer Associates Search vendor "Computer Associates"		Desktop And Server Management Search vendor "Computer Associates" for product "Desktop And Server Management"				r11.2a Search vendor "Computer Associates" for product "Desktop And Server Management" and version "r11.2a"		-		Affected
Computer Associates Search vendor "Computer Associates"		Desktop And Server Management Search vendor "Computer Associates" for product "Desktop And Server Management"				r11.2c1 Search vendor "Computer Associates" for product "Desktop And Server Management" and version "r11.2c1"		-		Affected
Computer Associates Search vendor "Computer Associates"		Desktop And Server Management Search vendor "Computer Associates" for product "Desktop And Server Management"				r11.2c2 Search vendor "Computer Associates" for product "Desktop And Server Management" and version "r11.2c2"		-		Affected
Computer Associates Search vendor "Computer Associates"		Desktop Management Suite Search vendor "Computer Associates" for product "Desktop Management Suite"				r11.2 Search vendor "Computer Associates" for product "Desktop Management Suite" and version "r11.2"		-		Affected
Computer Associates Search vendor "Computer Associates"		Desktop Management Suite Search vendor "Computer Associates" for product "Desktop Management Suite"				r11.2a Search vendor "Computer Associates" for product "Desktop Management Suite" and version "r11.2a"		-		Affected
Computer Associates Search vendor "Computer Associates"		Desktop Management Suite Search vendor "Computer Associates" for product "Desktop Management Suite"				r11.2c1 Search vendor "Computer Associates" for product "Desktop Management Suite" and version "r11.2c1"		-		Affected
Computer Associates Search vendor "Computer Associates"		Desktop Management Suite Search vendor "Computer Associates" for product "Desktop Management Suite"				r11.2c2 Search vendor "Computer Associates" for product "Desktop Management Suite" and version "r11.2c2"		-		Affected
Computer Associates Search vendor "Computer Associates"		Unicenter Asset Management Search vendor "Computer Associates" for product "Unicenter Asset Management"				r11.1 Search vendor "Computer Associates" for product "Unicenter Asset Management" and version "r11.1"		-		Affected
Computer Associates Search vendor "Computer Associates"		Unicenter Asset Management Search vendor "Computer Associates" for product "Unicenter Asset Management"				r11.2 Search vendor "Computer Associates" for product "Unicenter Asset Management" and version "r11.2"		-		Affected
Computer Associates Search vendor "Computer Associates"		Unicenter Asset Management Search vendor "Computer Associates" for product "Unicenter Asset Management"				r11.2a Search vendor "Computer Associates" for product "Unicenter Asset Management" and version "r11.2a"		-		Affected
Computer Associates Search vendor "Computer Associates"		Unicenter Asset Management Search vendor "Computer Associates" for product "Unicenter Asset Management"				r11.2c1 Search vendor "Computer Associates" for product "Unicenter Asset Management" and version "r11.2c1"		-		Affected
Computer Associates Search vendor "Computer Associates"		Unicenter Asset Management Search vendor "Computer Associates" for product "Unicenter Asset Management"				r11.2c2 Search vendor "Computer Associates" for product "Unicenter Asset Management" and version "r11.2c2"		-		Affected
Computer Associates Search vendor "Computer Associates"		Unicenter Desktop Management Bundle Search vendor "Computer Associates" for product "Unicenter Desktop Management Bundle"				r11.1 Search vendor "Computer Associates" for product "Unicenter Desktop Management Bundle" and version "r11.1"		-		Affected
Computer Associates Search vendor "Computer Associates"		Unicenter Desktop Management Bundle Search vendor "Computer Associates" for product "Unicenter Desktop Management Bundle"				r11.2 Search vendor "Computer Associates" for product "Unicenter Desktop Management Bundle" and version "r11.2"		-		Affected
Computer Associates Search vendor "Computer Associates"		Unicenter Desktop Management Bundle Search vendor "Computer Associates" for product "Unicenter Desktop Management Bundle"				r11.2a Search vendor "Computer Associates" for product "Unicenter Desktop Management Bundle" and version "r11.2a"		-		Affected
Computer Associates Search vendor "Computer Associates"		Unicenter Desktop Management Bundle Search vendor "Computer Associates" for product "Unicenter Desktop Management Bundle"				r11.2c1 Search vendor "Computer Associates" for product "Unicenter Desktop Management Bundle" and version "r11.2c1"		-		Affected
Computer Associates Search vendor "Computer Associates"		Unicenter Desktop Management Bundle Search vendor "Computer Associates" for product "Unicenter Desktop Management Bundle"				r11.2c2 Search vendor "Computer Associates" for product "Unicenter Desktop Management Bundle" and version "r11.2c2"		-		Affected
Computer Associates Search vendor "Computer Associates"		Unicenter Remote Control Search vendor "Computer Associates" for product "Unicenter Remote Control"				r11.1 Search vendor "Computer Associates" for product "Unicenter Remote Control" and version "r11.1"		-		Affected
Computer Associates Search vendor "Computer Associates"		Unicenter Remote Control Search vendor "Computer Associates" for product "Unicenter Remote Control"				r11.2 Search vendor "Computer Associates" for product "Unicenter Remote Control" and version "r11.2"		-		Affected
Computer Associates Search vendor "Computer Associates"		Unicenter Remote Control Search vendor "Computer Associates" for product "Unicenter Remote Control"				r11.2a Search vendor "Computer Associates" for product "Unicenter Remote Control" and version "r11.2a"		-		Affected
Computer Associates Search vendor "Computer Associates"		Unicenter Remote Control Search vendor "Computer Associates" for product "Unicenter Remote Control"				r11.2c1 Search vendor "Computer Associates" for product "Unicenter Remote Control" and version "r11.2c1"		-		Affected
Computer Associates Search vendor "Computer Associates"		Unicenter Remote Control Search vendor "Computer Associates" for product "Unicenter Remote Control"				r11.2c2 Search vendor "Computer Associates" for product "Unicenter Remote Control" and version "r11.2c2"		-		Affected
Computer Associates Search vendor "Computer Associates"		Unicenter Software Delivery Search vendor "Computer Associates" for product "Unicenter Software Delivery"				r11.1 Search vendor "Computer Associates" for product "Unicenter Software Delivery" and version "r11.1"		-		Affected
Computer Associates Search vendor "Computer Associates"		Unicenter Software Delivery Search vendor "Computer Associates" for product "Unicenter Software Delivery"				r11.2 Search vendor "Computer Associates" for product "Unicenter Software Delivery" and version "r11.2"		-		Affected
Computer Associates Search vendor "Computer Associates"		Unicenter Software Delivery Search vendor "Computer Associates" for product "Unicenter Software Delivery"				r11.2a Search vendor "Computer Associates" for product "Unicenter Software Delivery" and version "r11.2a"		-		Affected
Computer Associates Search vendor "Computer Associates"		Unicenter Software Delivery Search vendor "Computer Associates" for product "Unicenter Software Delivery"				r11.2c1 Search vendor "Computer Associates" for product "Unicenter Software Delivery" and version "r11.2c1"		-		Affected
Computer Associates Search vendor "Computer Associates"		Unicenter Software Delivery Search vendor "Computer Associates" for product "Unicenter Software Delivery"				r11.2c2 Search vendor "Computer Associates" for product "Unicenter Software Delivery" and version "r11.2c2"		-		Affected