Important Security Notice
Unicenter Remote Control 5.2/5.1/5.0 and ControlIT 5.1/5.0
The Computer Associates Technical Support team wishes to alert our customers about potential system security vulnerabilities that we have recently discovered regarding the following products.
Unicenter Remote Control 5.2
Unicenter Remote Control Option 5.1
Unicenter Remote Control Option German Version 5.1
Unicenter Remote Control Option 5.0
Control IT Enterprise Edition 5.1
Control IT Enterprise Edition 5.0
Control IT Advanced Edition 5.0
System Security Vulnerability
A security vulnerability exists in the products listed above. The vulnerability exists because the user interface of Host and Viewer indirectly allows any application to be run under the local system account. This gives an attacker very high privileges.
To exploit this vulnerability, the attacker would require direct or remote access to the computer's desktop.
In the worst case, the attacker could run the command prompt as local system providing privileges above those intended for the user.
A resolution to these problems has been published and we advise customers to apply the patch as advised by the table below:
|Unicenter Remote Control 5.2 ||QO48406 |
|Unicenter Remote Control Option 5.1 ||QO48410 |
|Unicenter Remote Control Option German Version 5.1 ||QO48411 |
|Unicenter Remote Control Option 5.0 ||QO48412 |
|Control IT Enterprise Edition 5.1 ||QO48413 |
|Control IT Enterprise Edition 5.0 ||QO48415 |
|Control IT Advanced Edition 5.0 ||QO48416 |