ActiveX woes bite CA BrightStor


Another day, another ActiveX problem. This time an ActiveX vulnerability in CA BrightStor ARCserve Backup could be exploited to compromise a user's system.

A Secunia alert rates the vulnerability "highly critical." Here are the details:

Krystian Kloskowski has reported a vulnerability in CA BrightStor ARCserve Backup, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error in the "AddColumn()" method within the "ListCtrl" ActiveX control (ListCtrl.ocx), which can be exploited to cause a stack-based buffer overflow via an overly long argument passed to the affected method.

Successful exploitation allows execution of arbitrary code e.g. when a user visits a malicious web page.

The vulnerability affects version r11.5, but other versions may be affected. More gory details--and a lot of code--are available in the original advisory from Kloskowski. The flaw is unpatched. And the solution is familiar: Set the kill-bit for the affected ActiveX control.
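The kill-bit mitigation mentioned above, as an added example (not code from the advisory, Secunia or CA): a PowerShell function that sets the kill bit for one control and reports the resulting flags. The CLSID shown is a placeholder, since this page does not give the CLSID of ListCtrl.ocx, and the function name is hypothetical; it assumes an elevated session.

```powershell
# Added example: set the ActiveX kill bit ("Compatibility Flags" bit 0x400) for a CLSID.
# PLACEHOLDER CLSID: replace with the control's real CLSID from the vendor or advisory.
$PlaceholderClsid = '{00000000-0000-0000-0000-000000000000}'
$KillBit = 0x400

function Set-ActiveXKillBit {   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]
        [ValidatePattern('^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$')]
        [string]$Clsid
    )
    # 32-bit Internet Explorer on 64-bit Windows reads the Wow6432Node view,
    # so the flag has to be set in both places.
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
    )
    foreach ($root in $roots) {
        if (-not (Test-Path -Path $root)) { continue }   # view absent on 32-bit Windows
        $key = Join-Path -Path $root -ChildPath $Clsid
        if ($PSCmdlet.ShouldProcess($key, 'Set kill bit')) {
            if (-not (Test-Path -Path $key)) { New-Item -Path $key -Force | Out-Null }
            # OR the bit in so that other compatibility flags already set are kept.
            $current = (Get-ItemProperty -Path $key -Name 'Compatibility Flags' `
                        -ErrorAction SilentlyContinue).'Compatibility Flags'
            if ($null -eq $current) { $current = 0 }
            New-ItemProperty -Path $key -Name 'Compatibility Flags' -PropertyType DWord `
                -Value ($current -bor $KillBit) -Force | Out-Null
        }
        # Read the value back and report it so the change can be audited.
        $flags = (Get-ItemProperty -Path $key -Name 'Compatibility Flags' `
                  -ErrorAction SilentlyContinue).'Compatibility Flags'
        [pscustomobject]@{
            Key        = $key
            Flags      = if ($null -ne $flags) { '0x{0:X8}' -f $flags } else { $null }
            KillBitSet = ($null -ne $flags) -and (($flags -band $KillBit) -ne 0)
        }
    }
}

# Dry run first; drop -WhatIf to apply.
Set-ActiveXKillBit -Clsid $PlaceholderClsid -WhatIf
```

The kill bit stops Internet Explorer from instantiating the control; it does not remove or patch ListCtrl.ocx itself.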


About

Larry Dignan is Editor in Chief of ZDNet and SmartPlanet as well as Editorial Director of ZDNet's sister site TechRepublic. He was most recently Executive Editor of News and Blogs at ZDNet. Prior to that he was executive news editor at eWeek and news editor at Baseline. He also served as the East Coast news editor and finance editor at CN...
