BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to the Zeroday Tracker: Your Vulnerability Watchlist


CA Unicenter DSM ActiveX AddColumn() Buffer Overflow

Disclosed: March 16, 2008

No Patch Available

Vulnerability Description:

A zero-day exploit has been released for CA BrightStor for Laptops & Desktops. This ActiveX control is installed by default as part of the BrightStor package.

Vendors:

Computer Associates

Vulnerable Software/Devices:

BrightStor ARCserve Backup for Laptops & Desktops r11.5
Other BrightStor installations may also be vulnerable.

Vulnerability Severity:

High

Exploit Availability:

N/A

BeyondTrust Prevention and Detection:

Mitigation:

The best mitigation is to set the kill bit for the CLSID of the Unicenter DSM ActiveX Control (BF6EFFF3-4558-4C4C-ADAF-A87891C5F3A3), following the directions in KB240797. This will prevent web pages from calling the ActiveX control, thereby mitigating this vulnerability.
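
One way to apply and verify the kill bit described above, as an added example that is not BeyondTrust's or CA's code. It assumes the standard Internet Explorer `ActiveX Compatibility` registry location and the `Compatibility Flags` kill-bit value 0x400 documented in KB240797; the function names `Set-KillBit` and `Test-KillBit` are hypothetical.

```powershell
# Added example: set and verify the IE kill bit for the CLSID named in this advisory.
# Run from an elevated PowerShell prompt (writes under HKLM).
$Clsid   = '{BF6EFFF3-4558-4C4C-ADAF-A87891C5F3A3}'   # CLSID from the advisory
$KillBit = 0x400                                       # kill-bit flag in "Compatibility Flags"
$Name    = 'Compatibility Flags'

# Native registry view, plus the 32-bit view used by 32-bit IE on 64-bit Windows.
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Test-KillBit {
    param([string]$Root, [string]$Clsid)
    $key = Join-Path $Root $Clsid
    if (-not (Test-Path -LiteralPath $key)) { return $false }
    $flags = (Get-ItemProperty -LiteralPath $key -Name $Name -ErrorAction SilentlyContinue).$Name
    # The control is blocked only when the 0x400 bit is present.
    return (([int]$flags -band $KillBit) -eq $KillBit)
}

function Set-KillBit {
    param([string]$Root, [string]$Clsid)
    $key = Join-Path $Root $Clsid
    if (-not (Test-Path -LiteralPath $key)) {
        New-Item -Path $key -Force | Out-Null
    }
    # OR the kill bit into any flags already present instead of overwriting them.
    $current = (Get-ItemProperty -LiteralPath $key -Name $Name -ErrorAction SilentlyContinue).$Name
    $new = ([int]$current) -bor $KillBit
    New-ItemProperty -LiteralPath $key -Name $Name -PropertyType DWord -Value $new -Force | Out-Null
}

foreach ($root in $Roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }   # view not present on this host
    if (-not (Test-KillBit -Root $root -Clsid $Clsid)) {
        Set-KillBit -Root $root -Clsid $Clsid
    }
    # Report the resulting state for each registry view.
    [pscustomobject]@{
        RegistryView = $root
        KillBitSet   = Test-KillBit -Root $root -Clsid $Clsid
    }
}
```

Internet Explorer must be restarted for the setting to take effect. Running only the `Test-KillBit` function across a fleet gives a quick audit of which hosts still lack the mitigation.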

Links:

CVE(s):

None