CA Products ActiveX Control Vulnerabilities

The ActiveX control gui_cm_ctrls.ocx in a number of CA products contains vulnerabilities caused by improper input validation. Successful exploits can lead to arbitrary code execution and could lead to full compromise of an affected system.

BrightStor ARCServe Backup for Laptops and Desktops r11.5 (Server only, client is not affected).
CA Desktop Management Suite r11.2 C2
CA Desktop Management Suite r11.2 C1
CA Desktop Management Suite r11.2a
CA Desktop Management Suite r11.2
CA Desktop Management Suite r11.1 (GA, a, C1)
Unicenter Desktop Management Bundle r11.2 C2
Unicenter Desktop Management Bundle r11.2 C1
Unicenter Desktop Management Bundle r11.2a
Unicenter Desktop Management Bundle r11.2
Unicenter Desktop Management Bundle r11.1 (GA, a, C1)
Unicenter Asset Management r11.2 C2
Unicenter Asset Management r11.2 C1
Unicenter Asset Management r11.2a
Unicenter Asset Management r11.2
Unicenter Asset Management r11.1 (GA, a, C1)
Unicenter Software Delivery r11.2 C2
Unicenter Software Delivery r11.2 C1
Unicenter Software Delivery r11.2a
Unicenter Software Delivery r11.2
Unicenter Software Delivery r11.1 (GA, a, C1)
Unicenter Remote Control r11.2 C2
Unicenter Remote Control r11.2 C1
Unicenter Remote Control r11.2a
Unicenter Remote Control r11.2
Unicenter Remote Control r11.1 (GA, a, C1)
CA Desktop and Server Management r11.2 C2
CA Desktop and Server Management r11.2 C1
CA Desktop and Server Management r11.2a
CA Desktop and Server Management r11.2
CA Desktop and Server Management r11.1 (GA, a, C1)

For full details see the original advisory at: https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=174256

Leave a Reply