Chris @ MyITforum
CA BrightStor ARCserve Backup "ListCtrl" ActiveX Control Buffer Overflow

Secunia Advisory: SA29408
Release Date: 2008-03-17
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched

Software:
BrightStor ARCserve Backup 11.x
BrightStor ARCserve Backup 11.x (for Windows)
CA ARCserve Backup for Laptops & Desktops 11.x

Description:
Krystian Kloskowski has reported a vulnerability in CA BrightStor ARCserve Backup, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error in the "AddColumn()" method within the "ListCtrl" ActiveX control (ListCtrl.ocx), which can be exploited to cause a stack-based buffer overflow via an overly long argument passed to the affected method.

Successful exploitation allows execution of arbitrary code e.g. when a user visits a malicious web page.

The vulnerability is reported in version r11.5. Other versions may also be affected.

Solution:
Set the kill-bit for the affected ActiveX control.

Provided and/or discovered by:
Krystian Kloskowski (h07)

Original Advisory:
http://milw0rm.com/exploits/5264
Source: CA BrightStor ARCserve Backup "ListCtrl" ActiveX Control Buffer Overflow - Advisories - Secunia
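The advisory's workaround names the control file (ListCtrl.ocx) but not its CLSID. The script below is an added example, not part of the Secunia advisory or any CA tooling: it finds every COM class whose in-process server is that file and sets the Internet Explorer kill-bit (Compatibility Flags 0x400) for it. It assumes the control is registered under InprocServer32, and the parameter names are this example's own.

```powershell
# Report (default) or set (-Apply) the IE kill-bit for classes served by ListCtrl.ocx.
# Run elevated. Review the report first: an unrelated product could ship a file of the same name.
param(
    [string]$OcxName = 'ListCtrl.ocx',   # file name taken from the advisory
    [switch]$Apply                       # without this switch nothing is changed
)

$KillBit = 0x400   # "Compatibility Flags" bit that stops IE from instantiating the control

# 64-bit and 32-bit registry views; IE checks the view matching its own bitness.
$views = @(
    @{ Clsid  = 'HKLM:\SOFTWARE\Classes\CLSID'
       Compat = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility' },
    @{ Clsid  = 'HKLM:\SOFTWARE\Wow6432Node\Classes\CLSID'
       Compat = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility' }
)

foreach ($v in $views) {
    if (-not (Test-Path -LiteralPath $v.Clsid)) { continue }

    Get-ChildItem -LiteralPath $v.Clsid -ErrorAction SilentlyContinue | ForEach-Object {
        $srvKey = Join-Path $_.PSPath 'InprocServer32'
        if (-not (Test-Path -LiteralPath $srvKey)) { return }

        # Default value of InprocServer32 is the path of the file implementing the class.
        $server = [string](Get-Item -LiteralPath $srvKey).GetValue('')
        if (-not $server) { return }
        if ((Split-Path $server.Trim('"') -Leaf) -ine $OcxName) { return }

        $clsid     = $_.PSChildName
        $compatKey = Join-Path $v.Compat $clsid
        $flags     = 0
        if (Test-Path -LiteralPath $compatKey) {
            $flags = [int](Get-Item -LiteralPath $compatKey).GetValue('Compatibility Flags', 0)
        }
        $wasSet = ($flags -band $KillBit) -ne 0

        if ($Apply -and -not $wasSet) {
            if (-not (Test-Path -LiteralPath $compatKey)) {
                New-Item -Path $compatKey -Force | Out-Null
            }
            # OR the bit in so any other compatibility flags already present survive.
            Set-ItemProperty -Path $compatKey -Name 'Compatibility Flags' `
                -Value ($flags -bor $KillBit) -Type DWord
        }

        [pscustomobject]@{ CLSID = $clsid; Server = $server; KillBitWasSet = $wasSet; Key = $compatKey }
    }
}
```

Run it once without -Apply to list the matching CLSIDs, then again with -Apply; a later run reporting KillBitWasSet = True for each match confirms the workaround is in place.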