CVE-2008-1786 — Code Injection in Associates Arcserve Backup Laptops AND Desktops

CWE-94 — Code Injection3 documents3 sources

Severity

9.3CRITICALNVD

EPSS

36.7%

top 2.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Computer Associates Arcserve Backup Laptops AND Desktops Computer Associates Desktop AND Server Management Computer Associates Desktop Management Suite +4 more

Timeline

PublishedApr 16

Latest updateMay 1

Description

The DSM gui_cm_ctrls ActiveX control (gui_cm_ctrls.ocx), as used in multiple CA products including BrightStor ARCServe Backup for Laptops and Desktops r11.5, Desktop Management Suite r11.1 through r11.2 C2; Unicenter r11.1 through r11.2 C2; and Desktop and Server Management r11.1 through r11.2 C2 allows remote attackers to execute arbitrary code via crafted function arguments.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages7 packages

▶NVDcomputer_associates/arcserve_backup_laptops_and_desktopsr11.5

▶NVDcomputer_associates/desktop_management_suite4 versions+3

▶NVDcomputer_associates/unicenter_desktop_management_bundle5 versions+4

▶NVDcomputer_associates/unicenter_remote_control5 versions+4

▶NVDcomputer_associates/unicenter_asset_management5 versions+4

Patches

Patch: community.ca.com ↗Patch: www.securityfocus.com ↗Patch: support.ca.com ↗

🔴Vulnerability Details

GHSA

GHSA-x64v-3g63-2ccm: The DSM gui_cm_ctrls ActiveX control (gui_cm_ctrls↗2022-05-01

▶

CVEList

CVE-2008-1786: The DSM gui_cm_ctrls ActiveX control (gui_cm_ctrls↗2008-04-16

▶