CVE-2008-1472

Exploit

EPSS 75.85%
Published 24.03.2008 22:44:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

Stack-based buffer overflow in the ListCtrl ActiveX Control (ListCtrl.ocx), as used in multiple CA products including BrightStor ARCserve Backup R11.5, Desktop Management Suite r11.1 through r11.2, and Unicenter products r11.1 through r11.2, allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long argument to the AddColumn method.

Affected products Warnungen 0 Metrics 2 CWE 1 References 12

Data is provided by the National Vulnerability Database (NVD)

Computer Associates ≫ Brightstor Arcserve Backup Laptops Desktops Version11.5

Computer Associates ≫ Desktop Management Suite Versionr11.1 Updatea

Computer Associates ≫ Desktop Management Suite Versionr11.1 Updatec1

Computer Associates ≫ Desktop Management Suite Versionr11.1 Updatega

Computer Associates ≫ Desktop Management Suite Versionr11.2

Computer Associates ≫ Unicenter Dsm R11 List Control Atx Version11.2.3.1895

Unicenter ≫ Asset Management Versionr11.1 Updatea

Unicenter ≫ Asset Management Versionr11.1 Updatec1

Unicenter ≫ Asset Management Versionr11.1 Updatega

Unicenter ≫ Asset Management Versionr11.2

Unicenter ≫ Asset Management Versionr11.2 Updatea

Unicenter ≫ Asset Management Versionr11.2 Updatec1

Unicenter ≫ Desktop Management Bundle Versionr11.1 Updatea

Unicenter ≫ Desktop Management Bundle Versionr11.1 Updatec1

Unicenter ≫ Desktop Management Bundle Versionr11.1 Updatega

Unicenter ≫ Desktop Management Bundle Versionr11.2

Unicenter ≫ Desktop Management Bundle Versionr11.2 Updatea

Unicenter ≫ Desktop Management Bundle Versionr11.2 Updatec1

Unicenter ≫ Remote Control Versionr11.1 Updatea

Unicenter ≫ Remote Control Versionr11.1 Updatec1

Unicenter ≫ Remote Control Versionr11.1 Updatega

Unicenter ≫ Remote Control Versionr11.2

Unicenter ≫ Remote Control Versionr11.2 Updatea

Unicenter ≫ Remote Control Versionr11.2 Updatec1

Unicenter ≫ Software Delivery Versionr11.1 Updatea

Unicenter ≫ Software Delivery Versionr11.1 Updatec1

Unicenter ≫ Software Delivery Versionr11.1 Updatega

Unicenter ≫ Software Delivery Versionr11.2

Unicenter ≫ Software Delivery Versionr11.2 Updatea

Unicenter ≫ Software Delivery Versionr11.2 Updatec1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	75.85%	0.989

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://community.ca.com/blogs/casecurityresponseblog/archive/2008/3/28.aspx

http://secunia.com/advisories/29408

Vendor Advisory

http://www.securityfocus.com/archive/1/489893/100/0/threaded

http://www.securityfocus.com/archive/1/490263/100/0/threaded

http://www.securityfocus.com/bid/28268

Exploit

http://www.securitytracker.com/id?1019617

http://www.vupen.com/english/advisories/2008/0902/references

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/41225

https://www.exploit-db.com/exploits/5264

https://nvd.nist.gov/vuln/detail/CVE-2008-1472

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-1472

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-1472

EUVD