CVE-2008-1472

EXPLOITED

ListCtrl ActiveX Control - Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2008-1472 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 3 public exploits from researchers including Metasploit, h07, including a Metasploit module exploits/windows/browser/ca_brightstor_addcolumn.

AI-analyzed exploit summary This is a Metasploit module exploiting a stack-based buffer overflow in the CA BrightStor ARCserve Backup ActiveX control (ListCtrl.ocx) via the AddColumn() method. It delivers a payload through a malicious HTML page, leveraging JavaScript to trigger the vulnerability.

Description

Stack-based buffer overflow in the ListCtrl ActiveX Control (ListCtrl.ocx), as used in multiple CA products including BrightStor ARCserve Backup R11.5, Desktop Management Suite r11.1 through r11.2, and Unicenter products r11.1 through r11.2, allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long argument to the AddColumn method.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16577

This is a Metasploit module exploiting a stack-based buffer overflow in the CA BrightStor ARCserve Backup ActiveX control (ListCtrl.ocx) via the AddColumn() method. It delivers a payload through a malicious HTML page, leveraging JavaScript to trigger the vulnerability.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: CA BrightStor ARCserve Backup (ListCtrl.ocx ActiveX control)
No auth needed
Prerequisites: Target must have the vulnerable ActiveX control installed · Target must visit a malicious webpage or open a malicious HTML file
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by h07 · htmlremotewindows
https://www.exploit-db.com/exploits/5264

This exploit targets a buffer overflow vulnerability in CA BrightStor ARCserve Backup r11.5 via the AddColumn() method in the ListCtrl.ocx ActiveX control. It uses a heap spray technique to achieve remote code execution by overwriting memory with shellcode.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: CA BrightStor ARCserve Backup r11.5
No auth needed
Prerequisites: Victim must use Internet Explorer with ActiveX enabled · Target system must have the vulnerable ListCtrl.ocx installed
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC NORMAL
rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/ca_brightstor_addcolumn.rb

This Metasploit module exploits a stack-based buffer overflow in the CA BrightStor ARCserve Backup ActiveX control (ListCtrl.ocx) via the AddColumn() method. It delivers a malicious HTML page with obfuscated JavaScript to trigger the overflow and execute arbitrary code.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: CA BrightStor ARCserve Backup (ListCtrl.ocx ActiveX control)
No auth needed
Prerequisites: Victim must visit a malicious web page or open a malicious HTML file · ActiveX control must be installed and enabled
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (9)

Core 9
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/28268
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0902/references
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/29408
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/5264
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/41225
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/489893/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1019617
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/490263/100/0/threaded

Scores

EPSS 0.7628
EPSS Percentile 99.0%

Details

VulnCheck KEV 2010-05-01
CWE
CWE-119
Status published
Products (12)
computer_associates/brightstor_arcserve_backup_laptops_desktops 11.5
computer_associates/desktop_management_suite r11.1 a (3 CPE variants)
computer_associates/desktop_management_suite r11.2
computer_associates/unicenter_dsm_r11_list_control_atx 11.2.3.1895
unicenter/asset_management r11.1 a (3 CPE variants)
unicenter/asset_management r11.2 (3 CPE variants)
unicenter/desktop_management_bundle r11.1 a (3 CPE variants)
unicenter/desktop_management_bundle r11.2 (3 CPE variants)
unicenter/remote_control r11.1 a (3 CPE variants)
unicenter/remote_control r11.2 (3 CPE variants)
... and 2 more
Published Mar 24, 2008
Tracked Since Feb 18, 2026