Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-1472: Improper Restriction of Operations within the Bounds of a Memory Buffer in Associates Brightstor Arcserve Backup Laptops Desktops

Severity
9.3 CRITICAL (NVD)
EPSS
76.3%
top 1.07%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Timeline
Published: Mar 24
Latest update: May 1

Description

Stack-based buffer overflow in the ListCtrl ActiveX Control (ListCtrl.ocx), as used in multiple CA products including BrightStor ARCserve Backup R11.5, Desktop Management Suite r11.1 through r11.2, and Unicenter products r11.1 through r11.2, allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long argument to the AddColumn method.

CVSS vector

AV:N/AC:M/C:C/I:C/A:C
Exploitability: 8.6 | Impact: 10.0

Affected Packages: 7 packages

🔴 Vulnerability Details

3
GHSA
GHSA-2h35-rff7-6q25: Stack-based buffer overflow in the ListCtrl ActiveX Control (ListCtrl | 2022-05-01
CVEList
CVE-2008-1472: Stack-based buffer overflow in the ListCtrl ActiveX Control (ListCtrl | 2008-03-24
VulnCheck
computer_associates brightstor_arcserve_backup_laptops_desktops Improper Restriction of Operations within the Bounds of a Memory Buffer | 2008

💥 Exploits & PoCs

4
Exploit-DB
ZeroLogon - Netlogon Elevation of Privilege | 2020-11-18
Exploit-DB
CA BrightStor ARCserve Backup - 'AddColumn()' ActiveX Buffer Overflow (Metasploit) | 2010-06-15
Exploit-DB
S.T.A.L.K.E.R. 1.0.06 - Remote Denial of Service | 2008-06-15
Exploit-DB
CA BrightStor ARCserve Backup r11.5 - ActiveX Remote Buffer Overflow | 2008-03-16
CVE-2008-1472 — CRITICAL severity | cvebase