Vulnerability Details CVE-2008-1786
The DSM gui_cm_ctrls ActiveX control (gui_cm_ctrls.ocx), as used in multiple CA products including BrightStor ARCServe Backup for Laptops and Desktops r11.5, Desktop Management Suite r11.1 through r11.2 C2; Unicenter r11.1 through r11.2 C2; and Desktop and Server Management r11.1 through r11.2 C2 allows remote attackers to execute arbitrary code via crafted function arguments.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.427
EPSS Ranking 97.3%
CVSS Severity
CVSS v2 Score 9.3
References
- http://community.ca.com/blogs/casecurityresponseblog/archive/2008/04/16/ca-dsm-gui-cm-ctrls-activex-control-vulnerability.aspx
- http://secunia.com/advisories/29837
- http://www.kb.cert.org/vuls/id/684883
- http://www.securityfocus.com/archive/1/490959/100/0/threaded
- http://www.securityfocus.com/bid/28809
- http://www.securitytracker.com/id?1019872
- http://www.vupen.com/english/advisories/2008/1249/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41853
- https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=174256
- http://community.ca.com/blogs/casecurityresponseblog/archive/2008/04/16/ca-dsm-gui-cm-ctrls-activex-control-vulnerability.aspx
- http://secunia.com/advisories/29837
- http://www.kb.cert.org/vuls/id/684883
- http://www.securityfocus.com/archive/1/490959/100/0/threaded
- http://www.securityfocus.com/bid/28809
- http://www.securitytracker.com/id?1019872
- http://www.vupen.com/english/advisories/2008/1249/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41853
- https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=174256
Products affected by CVE-2008-1786
-
cpe:2.3:a:computer_associates:arcserve_backup_laptops_and_desktops:r11.5
-
cpe:2.3:a:computer_associates:desktop_and_server_management:r11.1
-
cpe:2.3:a:computer_associates:desktop_and_server_management:r11.2
-
cpe:2.3:a:computer_associates:desktop_and_server_management:r11.2a
-
cpe:2.3:a:computer_associates:desktop_and_server_management:r11.2c1
-
cpe:2.3:a:computer_associates:desktop_and_server_management:r11.2c2
-
cpe:2.3:a:computer_associates:desktop_management_suite:r11.2
-
cpe:2.3:a:computer_associates:desktop_management_suite:r11.2a
-
cpe:2.3:a:computer_associates:desktop_management_suite:r11.2c1
-
cpe:2.3:a:computer_associates:desktop_management_suite:r11.2c2
-
cpe:2.3:a:computer_associates:unicenter_asset_management:r11.1
-
cpe:2.3:a:computer_associates:unicenter_asset_management:r11.2
-
cpe:2.3:a:computer_associates:unicenter_asset_management:r11.2a
-
cpe:2.3:a:computer_associates:unicenter_asset_management:r11.2c1
-
cpe:2.3:a:computer_associates:unicenter_asset_management:r11.2c2
-
cpe:2.3:a:computer_associates:unicenter_desktop_management_bundle:r11.1
-
cpe:2.3:a:computer_associates:unicenter_desktop_management_bundle:r11.2
-
cpe:2.3:a:computer_associates:unicenter_desktop_management_bundle:r11.2a
-
cpe:2.3:a:computer_associates:unicenter_desktop_management_bundle:r11.2c1
-
cpe:2.3:a:computer_associates:unicenter_desktop_management_bundle:r11.2c2
-
cpe:2.3:a:computer_associates:unicenter_remote_control:r11.1
-
cpe:2.3:a:computer_associates:unicenter_remote_control:r11.2
-
cpe:2.3:a:computer_associates:unicenter_remote_control:r11.2a
-
cpe:2.3:a:computer_associates:unicenter_remote_control:r11.2c1
-
cpe:2.3:a:computer_associates:unicenter_remote_control:r11.2c2
-
cpe:2.3:a:computer_associates:unicenter_software_delivery:r11.1
-
cpe:2.3:a:computer_associates:unicenter_software_delivery:r11.2
-
cpe:2.3:a:computer_associates:unicenter_software_delivery:r11.2a
-
cpe:2.3:a:computer_associates:unicenter_software_delivery:r11.2c1
-
cpe:2.3:a:computer_associates:unicenter_software_delivery:r11.2c2