| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 20 Apr 2011 22:12:57 -0400 From: "Williams, James K" <James.Williams@...com> To: <full-disclosure@...ts.grok.org.uk> Subject: CA20110420-02: Security Notice for CA Output Management Web Viewer -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CA20110420-02: Security Notice for CA Output Management Web Viewer Issued: April 20, 2011 CA Technologies support is alerting customers to security risks associated with CA Output Management Web Viewer. Two vulnerabilities exist that can allow a remote attacker to execute arbitrary code. CA Technologies has issued patches to address the vulnerabilities. The vulnerabilities, CVE-2011-1719, are due to boundary errors in the UOMWV_HelperActiveX.ocx and PPSView.ocx ActiveX controls. A remote attacker can create a specially crafted web page to exploit the flaws and potentially execute arbitrary code. Risk Rating High Platform Windows Affected Products CA Output Management Web Viewer 11.0 CA Output Management Web Viewer 11.5 How to determine if the installation is affected If the end-user controls are at a version that is less than the versions listed below, the installation is vulnerable. File Name Version UOMWV_HelperActiveX.ocx 11.5.0.1 PPSView.ocx 1.0.0.7 Solution CA has issued the following patches to address the vulnerability. CA Output Management Web Viewer 11.0: Apply the RO29119 APAR, and then have end-users allow updated controls to be installed (on next attempt to use impacted feature). CA Output Management Web Viewer 11.5: Apply the RO29120 APAR, and then have end-users allow updated controls to be installed (on next attempt to use impacted feature). References CVE-2011-1719 - CA Output Management Web Viewer ActiveX Control Buffer Overflows Acknowledgement Dmitriy Pletnev, Secunia Research Change History Version 1.0: Initial Release If additional information is required, please contact CA Technologies Support at https://support.ca.com. If you discover a vulnerability in a CA Technologies product, please report your findings to the CA Technologies Product Vulnerability Response Team. support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=177782 Thanks and regards, Ken Williams, Director ca technologies Product Vulnerability Response Team ca technologies Business Unit Operations wilja22@...com -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.9.1 (Build 287) Charset: utf-8 wj4DBQFNr5KCeSWR3+KUGYURAseNAKCUFddGhEHrb3JBUABbqWWvGgvZTQCY9nHy V9Eya1SCGQ8B2kt6v50jNw== =Y75y -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists