Unrated severityNVD Advisory· Published Mar 24, 2008· Updated Apr 23, 2026

CVE-2008-1472

Description

Stack-based buffer overflow in the ListCtrl ActiveX Control (ListCtrl.ocx), as used in multiple CA products including BrightStor ARCserve Backup R11.5, Desktop Management Suite r11.1 through r11.2, and Unicenter products r11.1 through r11.2, allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long argument to the AddColumn method.

Affected products

Ca/Brightstor Arcserve Backup Laptops Desktops
cpe:2.3:a:computer_associates:brightstor_arcserve_backup_laptops_desktops:11.5:*:*:*:*:*:*:*
Ca/Desktop Management Suite4 versions
cpe:2.3:a:computer_associates:desktop_management_suite:r11.1:a:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:computer_associates:desktop_management_suite:r11.1:a:*:*:*:*:*:*
- cpe:2.3:a:computer_associates:desktop_management_suite:r11.1:c1:*:*:*:*:*:*
- cpe:2.3:a:computer_associates:desktop_management_suite:r11.1:ga:*:*:*:*:*:*
- cpe:2.3:a:computer_associates:desktop_management_suite:r11.2:*:*:*:*:*:*:*
Ca/Unicenter Dsm R11 List Control Atx
cpe:2.3:a:computer_associates:unicenter_dsm_r11_list_control_atx:11.2.3.1895:*:*:*:*:*:*:*
Unicenter/Asset Management6 versions
cpe:2.3:a:unicenter:asset_management:r11.1:a:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:unicenter:asset_management:r11.1:a:*:*:*:*:*:*
- cpe:2.3:a:unicenter:asset_management:r11.1:c1:*:*:*:*:*:*
- cpe:2.3:a:unicenter:asset_management:r11.1:ga:*:*:*:*:*:*
- cpe:2.3:a:unicenter:asset_management:r11.2:*:*:*:*:*:*:*
- cpe:2.3:a:unicenter:asset_management:r11.2:a:*:*:*:*:*:*
- cpe:2.3:a:unicenter:asset_management:r11.2:c1:*:*:*:*:*:*
Unicenter/Desktop Management Bundle6 versions
cpe:2.3:a:unicenter:desktop_management_bundle:r11.1:a:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:unicenter:desktop_management_bundle:r11.1:a:*:*:*:*:*:*
- cpe:2.3:a:unicenter:desktop_management_bundle:r11.1:c1:*:*:*:*:*:*
- cpe:2.3:a:unicenter:desktop_management_bundle:r11.1:ga:*:*:*:*:*:*
- cpe:2.3:a:unicenter:desktop_management_bundle:r11.2:*:*:*:*:*:*:*
- cpe:2.3:a:unicenter:desktop_management_bundle:r11.2:a:*:*:*:*:*:*
- cpe:2.3:a:unicenter:desktop_management_bundle:r11.2:c1:*:*:*:*:*:*
Unicenter/Remote Control6 versions
cpe:2.3:a:unicenter:remote_control:r11.1:a:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:unicenter:remote_control:r11.1:a:*:*:*:*:*:*
- cpe:2.3:a:unicenter:remote_control:r11.1:c1:*:*:*:*:*:*
- cpe:2.3:a:unicenter:remote_control:r11.1:ga:*:*:*:*:*:*
- cpe:2.3:a:unicenter:remote_control:r11.2:*:*:*:*:*:*:*
- cpe:2.3:a:unicenter:remote_control:r11.2:a:*:*:*:*:*:*
- cpe:2.3:a:unicenter:remote_control:r11.2:c1:*:*:*:*:*:*
Unicenter/Software Delivery6 versions
cpe:2.3:a:unicenter:software_delivery:r11.1:a:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:unicenter:software_delivery:r11.1:a:*:*:*:*:*:*
- cpe:2.3:a:unicenter:software_delivery:r11.1:c1:*:*:*:*:*:*
- cpe:2.3:a:unicenter:software_delivery:r11.1:ga:*:*:*:*:*:*
- cpe:2.3:a:unicenter:software_delivery:r11.2:*:*:*:*:*:*:*
- cpe:2.3:a:unicenter:software_delivery:r11.2:a:*:*:*:*:*:*
- cpe:2.3:a:unicenter:software_delivery:r11.2:c1:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/28268nvdExploit
secunia.com/advisories/29408nvdVendor Advisory
www.vupen.com/english/advisories/2008/0902/referencesnvdVendor Advisory
community.ca.com/blogs/casecurityresponseblog/archive/2008/3/28.aspxnvd
www.securityfocus.com/archive/1/489893/100/0/threadednvd
www.securityfocus.com/archive/1/490263/100/0/threadednvd
www.securitytracker.com/idnvd
exchange.xforce.ibmcloud.com/vulnerabilities/41225nvd
www.exploit-db.com/exploits/5264nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.061
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000