CVE-2008-1472

EXPLOITED

ListCtrl ActiveX Control - Buffer Overflow

Title source: llm

Description

Stack-based buffer overflow in the ListCtrl ActiveX Control (ListCtrl.ocx), as used in multiple CA products including BrightStor ARCserve Backup R11.5, Desktop Management Suite r11.1 through r11.2, and Unicenter products r11.1 through r11.2, allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long argument to the AddColumn method.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16577
exploitdb WORKING POC VERIFIED
by h07 · htmlremotewindows
https://www.exploit-db.com/exploits/5264
metasploit WORKING POC NORMAL
rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/ca_brightstor_addcolumn.rb

References (9)

Scores

EPSS 0.7628
EPSS Percentile 98.9%

Details

VulnCheck KEV 2010-05-01
CWE
CWE-119
Status published
Products (12)
computer_associates/brightstor_arcserve_backup_laptops_desktops 11.5
computer_associates/desktop_management_suite r11.1 a (3 CPE variants)
computer_associates/desktop_management_suite r11.2
computer_associates/unicenter_dsm_r11_list_control_atx 11.2.3.1895
unicenter/asset_management r11.1 a (3 CPE variants)
unicenter/asset_management r11.2 (3 CPE variants)
unicenter/desktop_management_bundle r11.1 a (3 CPE variants)
unicenter/desktop_management_bundle r11.2 (3 CPE variants)
unicenter/remote_control r11.1 a (3 CPE variants)
unicenter/remote_control r11.2 (3 CPE variants)
... and 2 more
Published Mar 24, 2008
Tracked Since Feb 18, 2026