what you don't know can hurt you

CA Output Management Web Viewer 11.0 / 11.5 Boundary Errors

CA Output Management Web Viewer 11.0 / 11.5 Boundary Errors
Posted Apr 21, 2011
Authored by Ken Williams | Site www3.ca.com

CA Technologies support is alerting customers to security risks associated with CA Output Management Web Viewer. Two vulnerabilities exist that can allow a remote attacker to execute arbitrary code. CA Technologies has issued patches to address the vulnerabilities. The vulnerabilities are due to boundary errors in the UOMWV_HelperActiveX.ocx and PPSView.ocx ActiveX controls. A remote attacker can create a specially crafted web page to exploit the flaws and potentially execute arbitrary code.

tags | advisory, remote, web, arbitrary, vulnerability, activex
advisories | CVE-2011-1719
MD5 | bbeba246d3ce36be6a7d73c8e91b7577

CA Output Management Web Viewer 11.0 / 11.5 Boundary Errors

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

CA20110420-02: Security Notice for CA Output Management Web Viewer


Issued: April 20, 2011


CA Technologies support is alerting customers to security risks
associated with CA Output Management Web Viewer. Two vulnerabilities
exist that can allow a remote attacker to execute arbitrary code. CA
Technologies has issued patches to address the vulnerabilities.

The vulnerabilities, CVE-2011-1719, are due to boundary errors in the
UOMWV_HelperActiveX.ocx and PPSView.ocx ActiveX controls. A remote
attacker can create a specially crafted web page to exploit the flaws
and potentially execute arbitrary code.


Risk Rating

High


Platform

Windows


Affected Products

CA Output Management Web Viewer 11.0
CA Output Management Web Viewer 11.5


How to determine if the installation is affected

If the end-user controls are at a version that is less than the
versions listed below, the installation is vulnerable.


File Name Version

UOMWV_HelperActiveX.ocx 11.5.0.1
PPSView.ocx 1.0.0.7


Solution

CA has issued the following patches to address the vulnerability.

CA Output Management Web Viewer 11.0:
Apply the RO29119 APAR, and then have end-users allow updated controls
to be installed (on next attempt to use impacted feature).

CA Output Management Web Viewer 11.5:
Apply the RO29120 APAR, and then have end-users allow updated controls
to be installed (on next attempt to use impacted feature).


References

CVE-2011-1719 - CA Output Management Web Viewer ActiveX Control Buffer
Overflows


Acknowledgement

Dmitriy Pletnev, Secunia Research


Change History

Version 1.0: Initial Release


If additional information is required, please contact CA Technologies
Support at https://support.ca.com.

If you discover a vulnerability in a CA Technologies product, please
report your findings to the CA Technologies Product Vulnerability
Response Team.
support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=177782


Thanks and regards,
Ken Williams, Director
ca technologies Product Vulnerability Response Team
ca technologies Business Unit Operations
wilja22@ca.com

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.9.1 (Build 287)
Charset: utf-8

wj8DBQFNr46ueSWR3+KUGYURAojuAJ4oStsjS0rZaUAQfRFC6Eapaz1qCQCcCzr/
hpLf/rw1crIjR+C2/fGCcLk=
=BwlK
-----END PGP SIGNATURE-----

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

November 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    28 Files
  • 2
    Nov 2nd
    1 Files
  • 3
    Nov 3rd
    1 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    19 Files
  • 6
    Nov 6th
    65 Files
  • 7
    Nov 7th
    22 Files
  • 8
    Nov 8th
    18 Files
  • 9
    Nov 9th
    1 Files
  • 10
    Nov 10th
    1 Files
  • 11
    Nov 11th
    11 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close