Another day another ActiveX problem. This time an ActiveX vulnerability in CA BrightStor ARCServe Backup could be exploited to compromise a user's system.
A Secunia alert rates the vulnerability "highly critical." Here are the details:
Krystian Kloskowski has reported a vulnerability in CA BrightStor ARCserve Backup, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a boundary error in the "AddColumn()" method within the "ListCtrl" ActiveX control (ListCtrl.ocx), which can be exploited to cause a stack-based buffer overflow via an overly long argument passed to the affected method.
Successful exploitation allows execution of arbitrary code e.g. when a user visits a malicious web page.
The vulnerability affects version r11.5, but other versions may be affected. More gory details--and a lot of code--are available in the original advisory from Kloskowski. The flaw is unpatched. And the solution is familiar: Set the kill-bit for the affected ActiveX control.