CVE-2008-1786 - Vulnerability Details

Vendors	Products
Computer Associates	Arcserve Backup Laptops And Desktops Desktop And Server Management Desktop Management Suite Unicenter Asset Management Unicenter Desktop Management Bundle Unicenter Remote Control Unicenter Software Delivery

Link	Providers
http://community.ca.com/blogs/casecurityresponseblog/archive/2008/04/16/ca-dsm-gui-cm-ctrls-activex-control-vulnerability.aspx
http://secunia.com/advisories/29837
http://www.kb.cert.org/vuls/id/684883
http://www.securityfocus.com/archive/1/490959/100/0/threaded
http://www.securityfocus.com/bid/28809
http://www.securitytracker.com/id?1019872
http://www.vupen.com/english/advisories/2008/1249/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41853
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=174256

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-04-16T00:00:00", "descriptions": [{"lang": "en", "value": "The DSM gui_cm_ctrls ActiveX control (gui_cm_ctrls.ocx), as used in multiple CA products including BrightStor ARCServe Backup for Laptops and Desktops r11.5, Desktop Management Suite r11.1 through r11.2 C2; Unicenter r11.1 through r11.2 C2; and Desktop and Server Management r11.1 through r11.2 C2 allows remote attackers to execute arbitrary code via crafted function arguments."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ca-dsmguicmctrls-code-execution(41853)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41853"}, {"name": "VU#684883", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/684883"}, {"name": "29837", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29837"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=174256"}, {"name": "20080416 CA DSM gui_cm_ctrls ActiveX Control Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/490959/100/0/threaded"}, {"name": "ADV-2008-1249", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/1249/references"}, {"name": "28809", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/28809"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2008/04/16/ca-dsm-gui-cm-ctrls-activex-control-vulnerability.aspx"}, {"name": "1019872", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1019872"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-1786", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The DSM gui_cm_ctrls ActiveX control (gui_cm_ctrls.ocx), as used in multiple CA products including BrightStor ARCServe Backup for Laptops and Desktops r11.5, Desktop Management Suite r11.1 through r11.2 C2; Unicenter r11.1 through r11.2 C2; and Desktop and Server Management r11.1 through r11.2 C2 allows remote attackers to execute arbitrary code via crafted function arguments."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ca-dsmguicmctrls-code-execution(41853)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41853"}, {"name": "VU#684883", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/684883"}, {"name": "29837", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29837"}, {"name": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=174256", "refsource": "CONFIRM", "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=174256"}, {"name": "20080416 CA DSM gui_cm_ctrls ActiveX Control Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/490959/100/0/threaded"}, {"name": "ADV-2008-1249", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1249/references"}, {"name": "28809", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28809"}, {"name": "http://community.ca.com/blogs/casecurityresponseblog/archive/2008/04/16/ca-dsm-gui-cm-ctrls-activex-control-vulnerability.aspx", "refsource": "CONFIRM", "url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2008/04/16/ca-dsm-gui-cm-ctrls-activex-control-vulnerability.aspx"}, {"name": "1019872", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1019872"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T08:32:01.307Z"}, "title": "CVE Program Container", "references": [{"name": "ca-dsmguicmctrls-code-execution(41853)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41853"}, {"name": "VU#684883", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/684883"}, {"name": "29837", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29837"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=174256"}, {"name": "20080416 CA DSM gui_cm_ctrls ActiveX Control Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/490959/100/0/threaded"}, {"name": "ADV-2008-1249", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/1249/references"}, {"name": "28809", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/28809"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2008/04/16/ca-dsm-gui-cm-ctrls-activex-control-vulnerability.aspx"}, {"name": "1019872", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1019872"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-1786", "datePublished": "2008-04-16T17:00:00", "dateReserved": "2008-04-15T00:00:00", "dateUpdated": "2024-08-07T08:32:01.307Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2008-04-16T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : The DSM gui_cm_ctrls ActiveX control (gui_cm_ctrls.ocx), as used in multiple CA products including BrightStor ARCServe Backup for Laptops and Desktops r11.5, Desktop Management Suite r11.1 through r11.2 C2; Unicenter r11.1 through r11.2 C2; and Desktop and Server Management r11.1 through r11.2 C2 allows remote attackers to execute arbitrary code via crafted function arguments. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2018-10-11T19:57:01 (string)

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

}

references : [ »

0 : { »

name : ca-dsmguicmctrls-code-execution(41853) (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_XF (string)

]

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/41853 (string)

}

1 : { »

name : VU#684883 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_CERT-VN (string)

]

url : http://www.kb.cert.org/vuls/id/684883 (string)

}

2 : { »

name : 29837 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

]

url : http://secunia.com/advisories/29837 (string)

}

3 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=174256 (string)

}

4 : { »

name : 20080416 CA DSM gui_cm_ctrls ActiveX Control Vulnerability (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_BUGTRAQ (string)

]

url : http://www.securityfocus.com/archive/1/490959/100/0/threaded (string)

}

5 : { »

name : ADV-2008-1249 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_VUPEN (string)

]

url : http://www.vupen.com/english/advisories/2008/1249/references (string)

}

6 : { »

name : 28809 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

]

url : http://www.securityfocus.com/bid/28809 (string)

}

7 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://community.ca.com/blogs/casecurityresponseblog/archive/2008/04/16/ca-dsm-gui-cm-ctrls-activex-control-vulnerability.aspx (string)

}

8 : { »

name : 1019872 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

]

url : http://www.securitytracker.com/id?1019872 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cve@mitre.org (string)

ID : CVE-2008-1786 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : The DSM gui_cm_ctrls ActiveX control (gui_cm_ctrls.ocx), as used in multiple CA products including BrightStor ARCServe Backup for Laptops and Desktops r11.5, Desktop Management Suite r11.1 through r11.2 C2; Unicenter r11.1 through r11.2 C2; and Desktop and Server Management r11.1 through r11.2 C2 allows remote attackers to execute arbitrary code via crafted function arguments. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : ca-dsmguicmctrls-code-execution(41853) (string)

refsource : XF (string)

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/41853 (string)

}

1 : { »

name : VU#684883 (string)

refsource : CERT-VN (string)

url : http://www.kb.cert.org/vuls/id/684883 (string)

}

2 : { »

name : 29837 (string)

refsource : SECUNIA (string)

url : http://secunia.com/advisories/29837 (string)

}

3 : { »

name : https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=174256 (string)

refsource : CONFIRM (string)

url : https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=174256 (string)

}

4 : { »

name : 20080416 CA DSM gui_cm_ctrls ActiveX Control Vulnerability (string)

refsource : BUGTRAQ (string)

url : http://www.securityfocus.com/archive/1/490959/100/0/threaded (string)

}

5 : { »

name : ADV-2008-1249 (string)

refsource : VUPEN (string)

url : http://www.vupen.com/english/advisories/2008/1249/references (string)

}

6 : { »

name : 28809 (string)

refsource : BID (string)

url : http://www.securityfocus.com/bid/28809 (string)

}

7 : { »

name : http://community.ca.com/blogs/casecurityresponseblog/archive/2008/04/16/ca-dsm-gui-cm-ctrls-activex-control-vulnerability.aspx (string)

refsource : CONFIRM (string)

url : http://community.ca.com/blogs/casecurityresponseblog/archive/2008/04/16/ca-dsm-gui-cm-ctrls-activex-control-vulnerability.aspx (string)

}

8 : { »

name : 1019872 (string)

refsource : SECTRACK (string)

url : http://www.securitytracker.com/id?1019872 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-07T08:32:01.307Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

name : ca-dsmguicmctrls-code-execution(41853) (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_XF (string)

2 : x_transferred (string)

]

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/41853 (string)

}

1 : { »

name : VU#684883 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_CERT-VN (string)

2 : x_transferred (string)

]

url : http://www.kb.cert.org/vuls/id/684883 (string)

}

2 : { »

name : 29837 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

2 : x_transferred (string)

]

url : http://secunia.com/advisories/29837 (string)

}

3 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=174256 (string)

}

4 : { »

name : 20080416 CA DSM gui_cm_ctrls ActiveX Control Vulnerability (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_BUGTRAQ (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/archive/1/490959/100/0/threaded (string)

}

5 : { »

name : ADV-2008-1249 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_VUPEN (string)

2 : x_transferred (string)

]

url : http://www.vupen.com/english/advisories/2008/1249/references (string)

}

6 : { »

name : 28809 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/bid/28809 (string)

}

7 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://community.ca.com/blogs/casecurityresponseblog/archive/2008/04/16/ca-dsm-gui-cm-ctrls-activex-control-vulnerability.aspx (string)

}

8 : { »

name : 1019872 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

2 : x_transferred (string)

]

url : http://www.securitytracker.com/id?1019872 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

assignerShortName : mitre (string)

cveId : CVE-2008-1786 (string)

datePublished : 2008-04-16T17:00:00 (string)

dateReserved : 2008-04-15T00:00:00 (string)

dateUpdated : 2024-08-07T08:32:01.307Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:computer_associates:arcserve_backup_laptops_and_desktops:r11.5:*:*:*:*:*:*:*", "matchCriteriaId": "06109720-7926-4FC2-929B-0F16B1831739", "vulnerable": true}, {"criteria": "cpe:2.3:a:computer_associates:desktop_and_server_management:r11.1:*:*:*:*:*:*:*", "matchCriteriaId": "6A9801DB-E3D2-4314-B48B-8F127D4C6F48", "vulnerable": true}, {"criteria": "cpe:2.3:a:computer_associates:desktop_and_server_management:r11.2:*:*:*:*:*:*:*", "matchCriteriaId": "C32D19ED-1EF0-4B66-8130-DA801BE7F34B", "vulnerable": true}, {"criteria": "cpe:2.3:a:computer_associates:desktop_and_server_management:r11.2a:*:*:*:*:*:*:*", "matchCriteriaId": "943AFBAF-83DC-4A3B-B2E1-ACE6FF49F1E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:computer_associates:desktop_and_server_management:r11.2c1:*:*:*:*:*:*:*", "matchCriteriaId": "136D746D-573D-49AC-BD5C-5900021E276E", "vulnerable": true}, {"criteria": "cpe:2.3:a:computer_associates:desktop_and_server_management:r11.2c2:*:*:*:*:*:*:*", "matchCriteriaId": "33B72C35-13CA-4709-852E-929929FA1B27", "vulnerable": true}, {"criteria": "cpe:2.3:a:computer_associates:desktop_management_suite:r11.2:*:*:*:*:*:*:*", "matchCriteriaId": "CEBE5366-CEDA-4CF2-9625-13E9D9E93B41", "vulnerable": true}, {"criteria": "cpe:2.3:a:computer_associates:desktop_management_suite:r11.2a:*:*:*:*:*:*:*", "matchCriteriaId": "24E406D9-A850-4583-8A00-54DA578F6EB6", "vulnerable": true}, {"criteria": "cpe:2.3:a:computer_associates:desktop_management_suite:r11.2c1:*:*:*:*:*:*:*", "matchCriteriaId": "C126FF95-7341-4B14-88B9-38163D98DF1E", "vulnerable": true}, {"criteria": "cpe:2.3:a:computer_associates:desktop_management_suite:r11.2c2:*:*:*:*:*:*:*", "matchCriteriaId": "F58E3FBB-B807-4D15-8D73-94496B0749AF", "vulnerable": true}, {"criteria": "cpe:2.3:a:computer_associates:unicenter_asset_management:r11.1:*:*:*:*:*:*:*", "matchCriteriaId": "404081A2-644D-4F4A-9BEE-6EE3A7BB2BC5", "vulnerable": true}, {"criteria": "cpe:2.3:a:computer_associates:unicenter_asset_management:r11.2:*:*:*:*:*:*:*", "matchCriteriaId": "24503C4D-24BF-4EF3-A2F7-41958D02C7A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:computer_associates:unicenter_asset_management:r11.2a:*:*:*:*:*:*:*", "matchCriteriaId": "04A5D3AF-997D-4F7E-B12E-442B42D38145", "vulnerable": true}, {"criteria": "cpe:2.3:a:computer_associates:unicenter_asset_management:r11.2c1:*:*:*:*:*:*:*", "matchCriteriaId": "809DB7E2-023F-491E-933F-3C47197EF2B9", "vulnerable": true}, {"criteria": "cpe:2.3:a:computer_associates:unicenter_asset_management:r11.2c2:*:*:*:*:*:*:*", "matchCriteriaId": "37B1BD20-8F53-462E-A0B2-53185C49D63A", "vulnerable": true}, {"criteria": "cpe:2.3:a:computer_associates:unicenter_desktop_management_bundle:r11.1:*:*:*:*:*:*:*", "matchCriteriaId": "FC37EE01-FEAA-418B-B2D0-8793E823D9DC", "vulnerable": true}, {"criteria": "cpe:2.3:a:computer_associates:unicenter_desktop_management_bundle:r11.2:*:*:*:*:*:*:*", "matchCriteriaId": "229BB2F0-BA44-423B-B232-3B50C55F2E4B", "vulnerable": true}, {"criteria": "cpe:2.3:a:computer_associates:unicenter_desktop_management_bundle:r11.2a:*:*:*:*:*:*:*", "matchCriteriaId": "B3833EBA-F8CC-4E39-92D5-20EA31F5DF9B", "vulnerable": true}, {"criteria": "cpe:2.3:a:computer_associates:unicenter_desktop_management_bundle:r11.2c1:*:*:*:*:*:*:*", "matchCriteriaId": "E9539E19-223C-4AA3-ADC8-F3606336816B", "vulnerable": true}, {"criteria": "cpe:2.3:a:computer_associates:unicenter_desktop_management_bundle:r11.2c2:*:*:*:*:*:*:*", "matchCriteriaId": "3FFEBDA7-6A58-4E3B-B58B-424BD7E07C64", "vulnerable": true}, {"criteria": "cpe:2.3:a:computer_associates:unicenter_remote_control:r11.1:*:*:*:*:*:*:*", "matchCriteriaId": "F192DA2C-FAEC-4D77-A32C-7513EA053305", "vulnerable": true}, {"criteria": "cpe:2.3:a:computer_associates:unicenter_remote_control:r11.2:*:*:*:*:*:*:*", "matchCriteriaId": "757EFDA2-F229-461C-9256-1A7F31A2AC27", "vulnerable": true}, {"criteria": "cpe:2.3:a:computer_associates:unicenter_remote_control:r11.2a:*:*:*:*:*:*:*", "matchCriteriaId": "D4C36FD1-EFC8-446D-B32B-6DCA094DCCA0", "vulnerable": true}, {"criteria": "cpe:2.3:a:computer_associates:unicenter_remote_control:r11.2c1:*:*:*:*:*:*:*", "matchCriteriaId": "44782D0F-435C-43DB-AEE8-4926803A530E", "vulnerable": true}, {"criteria": "cpe:2.3:a:computer_associates:unicenter_remote_control:r11.2c2:*:*:*:*:*:*:*", "matchCriteriaId": "1947D61C-B414-437B-99FF-B1D8627AAC5A", "vulnerable": true}, {"criteria": "cpe:2.3:a:computer_associates:unicenter_software_delivery:r11.1:*:*:*:*:*:*:*", "matchCriteriaId": "8B1ECC98-9A72-4E2C-81AD-35BE9700E589", "vulnerable": true}, {"criteria": "cpe:2.3:a:computer_associates:unicenter_software_delivery:r11.2:*:*:*:*:*:*:*", "matchCriteriaId": "AEF6F1F5-3D50-4B45-A9D6-823771F32B9A", "vulnerable": true}, {"criteria": "cpe:2.3:a:computer_associates:unicenter_software_delivery:r11.2a:*:*:*:*:*:*:*", "matchCriteriaId": "8E1D0238-CE36-4F1B-BE87-3D15962D2DE7", "vulnerable": true}, {"criteria": "cpe:2.3:a:computer_associates:unicenter_software_delivery:r11.2c1:*:*:*:*:*:*:*", "matchCriteriaId": "7297A385-2C85-43E8-BFB0-F4B173B525FF", "vulnerable": true}, {"criteria": "cpe:2.3:a:computer_associates:unicenter_software_delivery:r11.2c2:*:*:*:*:*:*:*", "matchCriteriaId": "8FC3FF2E-1226-47E8-B5BE-B511A0EB9457", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The DSM gui_cm_ctrls ActiveX control (gui_cm_ctrls.ocx), as used in multiple CA products including BrightStor ARCServe Backup for Laptops and Desktops r11.5, Desktop Management Suite r11.1 through r11.2 C2; Unicenter r11.1 through r11.2 C2; and Desktop and Server Management r11.1 through r11.2 C2 allows remote attackers to execute arbitrary code via crafted function arguments."}, {"lang": "es", "value": "El control ActiveX DSM gui_cm_ctrls (archivo gui_cm_ctrls.ocx), tal y como es usado en distintos productos de CA, incluyendo a BrightStor ARCServe Backup for Laptops and Desktops versi\u00f3n r11.5, Desktop Management Suite versiones r11.1 hasta r11.2 C2; Unicenter versiones r11.1 hasta r11.2 C2; y Desktop and Server Management versiones r11.1 hasta r11.2 C2, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de argumentos de funci\u00f3n dise\u00f1ados."}], "id": "CVE-2008-1786", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2008-04-16T17:05:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2008/04/16/ca-dsm-gui-cm-ctrls-activex-control-vulnerability.aspx"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/29837"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/684883"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/490959/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/28809"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1019872"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2008/1249/references"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41853"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=174256"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2008/04/16/ca-dsm-gui-cm-ctrls-activex-control-vulnerability.aspx"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/29837"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/684883"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/490959/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/28809"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1019872"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2008/1249/references"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41853"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=174256"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:computer_associates:arcserve_backup_laptops_and_desktops:r11.5:*:*:*:*:*:*:* (string)

matchCriteriaId : 06109720-7926-4FC2-929B-0F16B1831739 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:computer_associates:desktop_and_server_management:r11.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 6A9801DB-E3D2-4314-B48B-8F127D4C6F48 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:computer_associates:desktop_and_server_management:r11.2:*:*:*:*:*:*:* (string)

matchCriteriaId : C32D19ED-1EF0-4B66-8130-DA801BE7F34B (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:computer_associates:desktop_and_server_management:r11.2a:*:*:*:*:*:*:* (string)

matchCriteriaId : 943AFBAF-83DC-4A3B-B2E1-ACE6FF49F1E6 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:computer_associates:desktop_and_server_management:r11.2c1:*:*:*:*:*:*:* (string)

matchCriteriaId : 136D746D-573D-49AC-BD5C-5900021E276E (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:computer_associates:desktop_and_server_management:r11.2c2:*:*:*:*:*:*:* (string)

matchCriteriaId : 33B72C35-13CA-4709-852E-929929FA1B27 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:computer_associates:desktop_management_suite:r11.2:*:*:*:*:*:*:* (string)

matchCriteriaId : CEBE5366-CEDA-4CF2-9625-13E9D9E93B41 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:computer_associates:desktop_management_suite:r11.2a:*:*:*:*:*:*:* (string)

matchCriteriaId : 24E406D9-A850-4583-8A00-54DA578F6EB6 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:computer_associates:desktop_management_suite:r11.2c1:*:*:*:*:*:*:* (string)

matchCriteriaId : C126FF95-7341-4B14-88B9-38163D98DF1E (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:computer_associates:desktop_management_suite:r11.2c2:*:*:*:*:*:*:* (string)

matchCriteriaId : F58E3FBB-B807-4D15-8D73-94496B0749AF (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:computer_associates:unicenter_asset_management:r11.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 404081A2-644D-4F4A-9BEE-6EE3A7BB2BC5 (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:a:computer_associates:unicenter_asset_management:r11.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 24503C4D-24BF-4EF3-A2F7-41958D02C7A6 (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:a:computer_associates:unicenter_asset_management:r11.2a:*:*:*:*:*:*:* (string)

matchCriteriaId : 04A5D3AF-997D-4F7E-B12E-442B42D38145 (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:a:computer_associates:unicenter_asset_management:r11.2c1:*:*:*:*:*:*:* (string)

matchCriteriaId : 809DB7E2-023F-491E-933F-3C47197EF2B9 (string)

vulnerable : true (boolean)

}

14 : { »

criteria : cpe:2.3:a:computer_associates:unicenter_asset_management:r11.2c2:*:*:*:*:*:*:* (string)

matchCriteriaId : 37B1BD20-8F53-462E-A0B2-53185C49D63A (string)

vulnerable : true (boolean)

}

15 : { »

criteria : cpe:2.3:a:computer_associates:unicenter_desktop_management_bundle:r11.1:*:*:*:*:*:*:* (string)

matchCriteriaId : FC37EE01-FEAA-418B-B2D0-8793E823D9DC (string)

vulnerable : true (boolean)

}

16 : { »

criteria : cpe:2.3:a:computer_associates:unicenter_desktop_management_bundle:r11.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 229BB2F0-BA44-423B-B232-3B50C55F2E4B (string)

vulnerable : true (boolean)

}

17 : { »

criteria : cpe:2.3:a:computer_associates:unicenter_desktop_management_bundle:r11.2a:*:*:*:*:*:*:* (string)

matchCriteriaId : B3833EBA-F8CC-4E39-92D5-20EA31F5DF9B (string)

vulnerable : true (boolean)

}

18 : { »

criteria : cpe:2.3:a:computer_associates:unicenter_desktop_management_bundle:r11.2c1:*:*:*:*:*:*:* (string)

matchCriteriaId : E9539E19-223C-4AA3-ADC8-F3606336816B (string)

vulnerable : true (boolean)

}

19 : { »

criteria : cpe:2.3:a:computer_associates:unicenter_desktop_management_bundle:r11.2c2:*:*:*:*:*:*:* (string)

matchCriteriaId : 3FFEBDA7-6A58-4E3B-B58B-424BD7E07C64 (string)

vulnerable : true (boolean)

}

20 : { »

criteria : cpe:2.3:a:computer_associates:unicenter_remote_control:r11.1:*:*:*:*:*:*:* (string)

matchCriteriaId : F192DA2C-FAEC-4D77-A32C-7513EA053305 (string)

vulnerable : true (boolean)

}

21 : { »

criteria : cpe:2.3:a:computer_associates:unicenter_remote_control:r11.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 757EFDA2-F229-461C-9256-1A7F31A2AC27 (string)

vulnerable : true (boolean)

}

22 : { »

criteria : cpe:2.3:a:computer_associates:unicenter_remote_control:r11.2a:*:*:*:*:*:*:* (string)

matchCriteriaId : D4C36FD1-EFC8-446D-B32B-6DCA094DCCA0 (string)

vulnerable : true (boolean)

}

23 : { »

criteria : cpe:2.3:a:computer_associates:unicenter_remote_control:r11.2c1:*:*:*:*:*:*:* (string)

matchCriteriaId : 44782D0F-435C-43DB-AEE8-4926803A530E (string)

vulnerable : true (boolean)

}

24 : { »

criteria : cpe:2.3:a:computer_associates:unicenter_remote_control:r11.2c2:*:*:*:*:*:*:* (string)

matchCriteriaId : 1947D61C-B414-437B-99FF-B1D8627AAC5A (string)

vulnerable : true (boolean)

}

25 : { »

criteria : cpe:2.3:a:computer_associates:unicenter_software_delivery:r11.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 8B1ECC98-9A72-4E2C-81AD-35BE9700E589 (string)

vulnerable : true (boolean)

}

26 : { »

criteria : cpe:2.3:a:computer_associates:unicenter_software_delivery:r11.2:*:*:*:*:*:*:* (string)

matchCriteriaId : AEF6F1F5-3D50-4B45-A9D6-823771F32B9A (string)

vulnerable : true (boolean)

}

27 : { »

criteria : cpe:2.3:a:computer_associates:unicenter_software_delivery:r11.2a:*:*:*:*:*:*:* (string)

matchCriteriaId : 8E1D0238-CE36-4F1B-BE87-3D15962D2DE7 (string)

vulnerable : true (boolean)

}

28 : { »

criteria : cpe:2.3:a:computer_associates:unicenter_software_delivery:r11.2c1:*:*:*:*:*:*:* (string)

matchCriteriaId : 7297A385-2C85-43E8-BFB0-F4B173B525FF (string)

vulnerable : true (boolean)

}

29 : { »

criteria : cpe:2.3:a:computer_associates:unicenter_software_delivery:r11.2c2:*:*:*:*:*:*:* (string)

matchCriteriaId : 8FC3FF2E-1226-47E8-B5BE-B511A0EB9457 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : The DSM gui_cm_ctrls ActiveX control (gui_cm_ctrls.ocx), as used in multiple CA products including BrightStor ARCServe Backup for Laptops and Desktops r11.5, Desktop Management Suite r11.1 through r11.2 C2; Unicenter r11.1 through r11.2 C2; and Desktop and Server Management r11.1 through r11.2 C2 allows remote attackers to execute arbitrary code via crafted function arguments. (string)

}

1 : { »

lang : es (string)

value : El control ActiveX DSM gui_cm_ctrls (archivo gui_cm_ctrls.ocx), tal y como es usado en distintos productos de CA, incluyendo a BrightStor ARCServe Backup for Laptops and Desktops versión r11.5, Desktop Management Suite versiones r11.1 hasta r11.2 C2; Unicenter versiones r11.1 hasta r11.2 C2; y Desktop and Server Management versiones r11.1 hasta r11.2 C2, permite a los atacantes remotos ejecutar código arbitrario por medio de argumentos de función diseñados. (string)

}

]

id : CVE-2008-1786 (string)

lastModified : 2025-04-09T00:30:58.490 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : HIGH (string)

cvssData : { »

accessComplexity : MEDIUM (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : COMPLETE (string)

baseScore : 9.3 (number)

confidentialityImpact : COMPLETE (string)

integrityImpact : COMPLETE (string)

vectorString : AV:N/AC:M/Au:N/C:C/I:C/A:C (string)

version : 2.0 (string)

}

exploitabilityScore : 8.6 (number)

impactScore : 10 (number)

obtainAllPrivilege : true (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : true (boolean)

}

]

}

published : 2008-04-16T17:05:00.000 (string)

references : [ »

0 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : http://community.ca.com/blogs/casecurityresponseblog/archive/2008/04/16/ca-dsm-gui-cm-ctrls-activex-control-vulnerability.aspx (string)

}

1 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://secunia.com/advisories/29837 (string)

}

2 : { »

source : cve@mitre.org (string)

tags : [ »

0 : US Government Resource (string)

]

url : http://www.kb.cert.org/vuls/id/684883 (string)

}

3 : { »

source : cve@mitre.org (string)

url : http://www.securityfocus.com/archive/1/490959/100/0/threaded (string)

}

4 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Patch (string)

]

url : http://www.securityfocus.com/bid/28809 (string)

}

5 : { »

source : cve@mitre.org (string)

url : http://www.securitytracker.com/id?1019872 (string)

}

6 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://www.vupen.com/english/advisories/2008/1249/references (string)

}

7 : { »

source : cve@mitre.org (string)

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/41853 (string)

}

8 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=174256 (string)

}

9 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : http://community.ca.com/blogs/casecurityresponseblog/archive/2008/04/16/ca-dsm-gui-cm-ctrls-activex-control-vulnerability.aspx (string)

}

10 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://secunia.com/advisories/29837 (string)

}

11 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : US Government Resource (string)

]

url : http://www.kb.cert.org/vuls/id/684883 (string)

}

12 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.securityfocus.com/archive/1/490959/100/0/threaded (string)

}

13 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : http://www.securityfocus.com/bid/28809 (string)

}

14 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.securitytracker.com/id?1019872 (string)

}

15 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://www.vupen.com/english/advisories/2008/1249/references (string)

}

16 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/41853 (string)

}

17 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=174256 (string)

}

]

sourceIdentifier : cve@mitre.org (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-94 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object