← Back

CVE-2008-1786

nvd nist
Published: Apr 16, 2008Modified: Apr 23, 2026

JSON object

Loading...
9.3
Vector
AV:N/AC:M/Au:N/C:C/I:C/A:C
Exploitability: 8.6 / Impact: 10.0
Source: NVD

Description

The DSM gui_cm_ctrls ActiveX control (gui_cm_ctrls.ocx), as used in multiple CA products including BrightStor ARCServe Backup for Laptops and Desktops r11.5, Desktop Management Suite r11.1 through r11.2 C2; Unicenter r11.1 through r11.2 C2; and Desktop and Server Management r11.1 through r11.2 C2 allows remote attackers to execute arbitrary code via crafted function arguments.

Affected (30)

Computer Associates
7 products
Arcserve Backup Laptops And Desktops
Desktop And Server Management
Desktop Management Suite
Unicenter Asset Management
Unicenter Desktop Management Bundle
Unicenter Remote Control
Unicenter Software Delivery
Configuration A
30 vulnerable
Vulnerable SoftwareAffected Versions
Arcserve Backup Laptops And Desktops
Version r11.5
Desktop And Server Management
Version r11.1
Desktop And Server Management
Version r11.2
Desktop And Server Management
Version r11.2a
Desktop And Server Management
Version r11.2c1
Desktop And Server Management
Version r11.2c2
Desktop Management Suite
Version r11.2
Desktop Management Suite
Version r11.2a
Desktop Management Suite
Version r11.2c1
Desktop Management Suite
Version r11.2c2
Unicenter Asset Management
Version r11.1
Unicenter Asset Management
Version r11.2
Unicenter Asset Management
Version r11.2a
Unicenter Asset Management
Version r11.2c1
Unicenter Asset Management
Version r11.2c2
Unicenter Desktop Management Bundle
Version r11.1
Unicenter Desktop Management Bundle
Version r11.2
Unicenter Desktop Management Bundle
Version r11.2a
Unicenter Desktop Management Bundle
Version r11.2c1
Unicenter Desktop Management Bundle
Version r11.2c2
Unicenter Remote Control
Version r11.1
Unicenter Remote Control
Version r11.2
Unicenter Remote Control
Version r11.2a
Unicenter Remote Control
Version r11.2c1
Unicenter Remote Control
Version r11.2c2
Unicenter Software Delivery
Version r11.1
Unicenter Software Delivery
Version r11.2
Unicenter Software Delivery
Version r11.2a
Unicenter Software Delivery
Version r11.2c1
Unicenter Software Delivery
Version r11.2c2

Related CWEs

CWE-94
Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (18)

Source: cve@mitre.org
PatchVendor Advisory
Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
US Government Resource
Source: cve@mitre.org
Source: cve@mitre.org
Patch
Source: cve@mitre.org
Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Source: cve@mitre.org
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
US Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory

Timeline

No history available yet.