ActiveX woes bite CA BrightStor

Another day, another ActiveX problem. This time, an ActiveX vulnerability in CA BrightStor ARCserve Backup could be exploited to compromise a user's system.

A Secunia alert rates the vulnerability "highly critical." Here are the details:

Krystian Kloskowski has reported a vulnerability in CA BrightStor ARCserve Backup, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error in the "AddColumn()" method within the "ListCtrl" ActiveX control (ListCtrl.ocx), which can be exploited to cause a stack-based buffer overflow via an overly long argument passed to the affected method.

Successful exploitation allows execution of arbitrary code e.g. when a user visits a malicious web page.

The vulnerability affects version r11.5, but other versions may be affected. More gory details--and a lot of code--are available in the original advisory from Kloskowski. The flaw is unpatched. And the solution is familiar: Set the kill-bit for the affected ActiveX control.
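
One way to apply the kill-bit mitigation mentioned above, as an added PowerShell example that is not from the article, Secunia or CA. The article does not give the control's CLSID, so the script looks it up from the local COM registration of ListCtrl.ocx; the function names are hypothetical, and the registry paths are the standard Internet Explorer "ActiveX Compatibility" locations.

```powershell
# Added example: find the CLSID(s) registered for ListCtrl.ocx and set the IE kill-bit.
# Run from an elevated prompt. The CLSID is looked up locally because the article omits it.
$KillBit  = 0x400            # "Compatibility Flags" bit that stops IE instantiating a control
$FileName = 'ListCtrl.ocx'   # control file named in the advisory

# COM class registrations: native view plus the 32-bit view on 64-bit Windows.
$classRoots  = 'HKLM:\SOFTWARE\Classes\CLSID',
               'HKLM:\SOFTWARE\Wow6432Node\Classes\CLSID'
# Keys IE reads kill-bits from, again for both registry views.
$compatRoots = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
               'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'

function Find-ControlClsid {   # hypothetical helper name
    param([string]$OcxName)
    foreach ($root in $classRoots | Where-Object { Test-Path -LiteralPath $_ }) {
        foreach ($key in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
            $server = Join-Path $key.PSPath 'InprocServer32'
            if (-not (Test-Path -LiteralPath $server)) { continue }
            $path = (Get-Item -LiteralPath $server).GetValue('')   # default value = OCX/DLL path
            if ($path -and ([string]$path).Trim('"') -like "*\$OcxName") { $key.PSChildName }
        }
    }
}

function Set-KillBit {         # hypothetical helper name
    param([string]$Clsid)
    foreach ($root in $compatRoots) {
        # Skip the Wow6432Node view on a 32-bit OS, where it does not exist.
        if (-not (Test-Path -LiteralPath (Split-Path $root -Parent))) { continue }
        $key = Join-Path $root $Clsid
        if (-not (Test-Path -LiteralPath $key)) { New-Item -Path $key -Force | Out-Null }
        $old = (Get-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue).'Compatibility Flags'
        $new = ([int]$old) -bor $KillBit     # preserve any flags already set
        Set-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' -Value $new -Type DWord
        '{0}  flags=0x{1:X8}' -f $key, $new  # report the resulting value
    }
}

$clsids = @(Find-ControlClsid -OcxName $FileName | Sort-Object -Unique)
if ($clsids.Count -eq 0) { Write-Warning "$FileName is not registered on this machine."; return }
$clsids | ForEach-Object { Set-KillBit -Clsid $_ }
```

ListCtrl.ocx is a generic file name, so confirm that each matched registration belongs to the BrightStor installation before relying on the result. The kill-bit only stops Internet Explorer from loading the control; it does not remove or patch the file.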
