ActiveX woes bite CA BrightStor

Another day, another ActiveX problem. This time an ActiveX vulnerability in CA BrightStor ARCserve Backup could be exploited to compromise a user's system.
Written by Larry Dignan, Contributor

A Secunia alert rates the vulnerability "highly critical." Here are the details:

Krystian Kloskowski has reported a vulnerability in CA BrightStor ARCserve Backup, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error in the "AddColumn()" method within the "ListCtrl" ActiveX control (ListCtrl.ocx), which can be exploited to cause a stack-based buffer overflow via an overly long argument passed to the affected method.

Successful exploitation allows execution of arbitrary code e.g. when a user visits a malicious web page.

The vulnerability affects version r11.5, but other versions may be affected. More gory details--and a lot of code--are available in the original advisory from Kloskowski. The flaw is unpatched. And the solution is familiar: Set the kill-bit for the affected ActiveX control.
