9.3

CVE-2008-1786

The DSM gui_cm_ctrls ActiveX control (gui_cm_ctrls.ocx), as used in multiple CA products including BrightStor ARCServe Backup for Laptops and Desktops r11.5, Desktop Management Suite r11.1 through r11.2 C2; Unicenter r11.1 through r11.2 C2; and Desktop and Server Management r11.1 through r11.2 C2 allows remote attackers to execute arbitrary code via crafted function arguments.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 6.82% 0.932
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

http://community.ca.com/blogs/casecurityresponseblog/archive/2008/04/16/ca-dsm-gui-cm-ctrls-activex-control-vulnerability.aspx
Patch
Vendor Advisory
http://secunia.com/advisories/29837
Vendor Advisory
http://www.kb.cert.org/vuls/id/684883
US Government Resource
http://www.securityfocus.com/archive/1/490959/100/0/threaded
http://www.securityfocus.com/bid/28809
Patch
http://www.securitytracker.com/id?1019872
http://www.vupen.com/english/advisories/2008/1249/references
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/41853
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=174256
Patch
Vendor Advisory