A zero-day exploit has been released for CA BrightStor for Laptops & Desktops. The affected ActiveX control is installed by default as part of the BrightStor package.
BrightStor ARCserve Backup for Laptops & Desktops r11.5
Other BrightStor installations may also be vulnerable.
BeyondTrust Prevention and Detection:
- BeyondTrust's Blink® Professional Edition protects from this vulnerability.
- BeyondTrust's Retina® Network Security Scanner scans devices to detect this vulnerability.
- Patch: CA products using the DSM ListCtrl ActiveX control Security Notice
The best mitigation is to set the kill bit for the CLSID of the Unicenter DSM ActiveX Control (BF6EFFF3-4558-4C4C-ADAF-A87891C5F3A3), following the directions in KB240797. This will disable calls to the ActiveX control from web pages, thereby mitigating these specific vulnerabilities.