Detections
Analytics

CA Multiple Products gui_cm_ctrls.ocx ActiveX Control Arbitrary Code Execution

high Nessus Plugin ID 67258

Language:

Synopsis

The remote host has an ActiveX control installed that is affected by an arbitrary code execution vulnerability.

Description

The remote host has the CA gui_cm_ctrls.ocx ActiveX control installed that is affected by an arbitrary code execution vulnerability due to insufficient verification of function arguments. By tricking a user into opening a specially crafted web page, a remote attacker may be able to execute arbitrary code.

Solution

Apply the appropriate patch or workaround per the vendor's advisory.

See Also

https://seclists.org/bugtraq/2008/Apr/180

http://www.nessus.org/u?1d0c7846

Plugin Details

Severity: High

ID: 67258

File Name: ca_gui_cm_ctrls_activex.nasl

Version: 1.8

Type: local

Agent: windows

Family: Windows

Published: 7/12/2013

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:computer_associates:arcserve_backup_laptops_and_desktops

Required KB Items: SMB/Registry/Enumerated

Exploit Ease: No known exploits are available

Patch Publication Date: 4/16/2008

Vulnerability Publication Date: 4/15/2008

Reference Information

CVE: CVE-2008-1786

BID: 28809

CWE: 94

CERT: 684883