Zero Day Initiative Advisory 10-066 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Computer Associates XOsoft Control Replication and High Availability Control Service. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /entry_point.aspx service and occurs due to an unbounded string copy utilizing a string controlled by the user as the source into a fixed length buffer located on the stack. Successful exploitation can lead to code execution under the context of the service.
b312b92fd65e05573df0f64fce5a0025483f93db7e1bb65b59bbd3600014db5d
Zero Day Initiative Advisory 10-065 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Computer Associates XOsoft Control Replication and High Availability Control Service. Authentication is not required to exploit this vulnerability. The specific flaws exist within the /ws_man/xosoapapi.asmx SOAP endpoint and occur when submitting malformed requests to the server. Successful exploitation can lead to code execution under the context of the service.
d85dc0e66b2ace0f3a00e16efb1749d56f1de84b6c2e0f35779b87f0d6c76ba9
CA's support is alerting customers to multiple security risks with CA XOsoft products. Multiple vulnerabilities exist that can allow a remote attacker to gain sensitive information, cause a denial of service, or possibly execute arbitrary code. CA has issued patches to address the vulnerabilities.
4f0ccb63614eae015dcca644dfed7c789226834eac0663d29fecd6799c65fd53