CA20110420-02 Security Notice for CA Output Management Web Viewer - CA Technologies
{{search ? 'Close':'Search'}}

CA20110420-02: Security Notice for CA Output Management Web Viewer

Issued: April 20, 2011

CA Technologies support is alerting customers to security risks associated with CA Output Management Web Viewer. Two vulnerabilities exist that can allow a remote attacker to execute arbitrary code. CA Technologies has issued patches to address the vulnerabilities.

The vulnerabilities, CVE-2011-1719, are due to boundary errors in the UOMWV_HelperActiveX.ocx and PPSView.ocx ActiveX controls. A remote attacker can create a specially crafted web page to exploit the flaws and potentially execute arbitrary code.

Risk Rating

High

Platform

Windows

Affected Products

CA Output Management Web Viewer 11.0
CA Output Management Web Viewer 11.5

How to determine if the installation is affected

If the end-user controls are at a version that is less than the versions listed below, the installation is vulnerable.

File Name Version
UOMWV_HelperActiveX.ocx 11.5.0.1
PPSView.ocx 1.0.0.7

Solution

CA has issued the following patches to address the vulnerability.

CA Output Management Web Viewer 11.5:
Apply the RO29119 APAR, and then have end-users allow updated controls to be installed (on next attempt to use impacted feature).

CA Output Management Web Viewer 11.0:
Apply the RO29120 APAR, and then have end-users allow updated controls to be installed (on next attempt to use impacted feature).

References

CVE-2011-1719 - CA Output Management Web Viewer ActiveX Control Buffer Overflows

Acknowledgement

Dmitriy Pletnev, Secunia Research

Change History

Version 1.0: Initial Release

If additional information is required, please contact CA Technologies Support at
https://support.ca.com.

If you discover a vulnerability in a CA Technologies product, please report your findings to the CA Technologies Product Vulnerability Response Team.

Chat with CA

Just give us some brief information and we'll connect you to the right CA Expert.

Our hours of availability are 8AM - 5PM CST.

All Fields Required

connecting

We're matching your request.

Unfortunately, we can't connect you to an agent. If you are not automatically redirected please click here.

  • {{message.agentProfile.name}} will be helping you today.

    View Profile


  • Transfered to {{message.agentProfile.name}}

    {{message.agentProfile.name}} joined the conversation

    {{message.agentProfile.name}} left the conversation

  • Your chat with {{$storage.chatSession.messages[$index - 1].agentProfile.name}} has ended.
    Thank you for your interest in CA.


    How Did We Do?
    Let us know how we did so that we can maintain a quality experience.

    Take Our Survey >

    Rate Your Chat Experience.

    {{chat.statusMsg}}

agent is typing