31 March 2008, 16:23

Security leak in CA ActiveX module now used for exploits

Web attack toolkit developers are getting faster all the time. Some two weeks ago, a sample exploit for a security hole in an ActiveX module used by numerous CA products showed up in the milw0rm archive. Roger Thompson reports in the Exploit Prevention Labs blog that the Neosploit developers have now expanded their attack toolkit with another exploit, which infects visitors to manipulated websites with malware if they have the vulnerable ActiveX module installed.

Surfers on company computers are most likely to be affected, since the software that includes the ListCtrl.ocx ActiveX module is mainly used in business environments. The affected products are BrightStor ARCServe Backup for Laptops and Desktops, CA Desktop Management Suite, Unicenter Desktop Management Bundle, Unicenter Asset Management, Unicenter Software Delivery and Unicenter Remote Control. In its security advisory, CA provides a link to updated versions of the software, which administrators of the affected programs should roll out quickly. Alternatively, the ActiveX module can be deactivated by setting a killbit on the {BF6EFFF3-4558-4C4C-ADAF-A87891C5F3A3} CLSID. Help is available in an article in Microsoft's Knowledge Base.
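The killbit workaround described above, as an added example that is not taken from the article, CA's advisory or Microsoft's Knowledge Base: a PowerShell script for an elevated prompt that sets the kill bit for the CLSID named above and then verifies it. It assumes the standard kill bit mechanism (the 0x400 bit in the "Compatibility Flags" DWORD under Internet Explorer's "ActiveX Compatibility" key); the function names are hypothetical.

```powershell
# Added example: set and verify the ActiveX kill bit for the CLSID from the article.
# Run elevated. Function names are hypothetical, not part of any CA or Microsoft tool.
$Clsid   = '{BF6EFFF3-4558-4C4C-ADAF-A87891C5F3A3}'   # CLSID given in the article
$KillBit = 0x400                                       # kill bit within "Compatibility Flags"
$Name    = 'Compatibility Flags'

# 32-bit Internet Explorer on 64-bit Windows reads the Wow6432Node view,
# so both views are handled.
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Get-CompatFlags {
    param([string]$Key)
    if (-not (Test-Path -LiteralPath $Key)) { return 0 }
    $prop = Get-ItemProperty -LiteralPath $Key -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return 0 }
    return [int]$prop.$Name
}

function Set-KillBit {
    param([string]$Root, [string]$Clsid)
    $key = Join-Path $Root $Clsid
    if (-not (Test-Path -LiteralPath $key)) {
        New-Item -Path $key -Force | Out-Null      # creates missing parent keys as well
    }
    # OR the kill bit into any flags already present instead of overwriting them.
    $new = (Get-CompatFlags -Key $key) -bor $KillBit
    Set-ItemProperty -LiteralPath $key -Name $Name -Value $new -Type DWord
}

function Test-KillBit {
    param([string]$Root, [string]$Clsid)
    $flags = Get-CompatFlags -Key (Join-Path $Root $Clsid)
    return (($flags -band $KillBit) -eq $KillBit)
}

foreach ($root in $Roots) {
    # Skip the Wow6432Node view on 32-bit systems, where it does not exist.
    if (-not (Test-Path -LiteralPath (Split-Path $root -Parent))) { continue }
    Set-KillBit -Root $root -Clsid $Clsid
    '{0} -> kill bit set: {1}' -f $root, (Test-KillBit -Root $root -Clsid $Clsid)
}
```

Calling Test-KillBit on its own, without Set-KillBit, gives a read-only check of whether a machine already has the workaround in place.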
