CA20110420-02: Security Notice for CA Output Management Web Viewer
Issued: April 20, 2011
CA Technologies support is alerting customers to security risks associated with CA Output Management Web Viewer. Two vulnerabilities exist that can allow a remote attacker to execute arbitrary code. CA Technologies has issued patches to address the vulnerabilities.
The vulnerabilities, CVE-2011-1719, are due to boundary errors in the UOMWV_HelperActiveX.ocx and PPSView.ocx ActiveX controls. A remote attacker can create a specially crafted web page to exploit the flaws and potentially execute arbitrary code.
CA Output Management Web Viewer 11.0
CA Output Management Web Viewer 11.5
How to determine if the installation is affected
If the end-user controls are at a version that is less than the versions listed below, the installation is vulnerable.
|File Name ||Version |
|UOMWV_HelperActiveX.ocx ||184.108.40.206 |
|PPSView.ocx ||220.127.116.11 |
CA has issued the following patches to address the vulnerability.
CA Output Management Web Viewer 11.5:
Apply the RO29119 APAR, and then have end-users allow updated controls to be installed (on next attempt to use impacted feature).
CA Output Management Web Viewer 11.0:
Apply the RO29120 APAR, and then have end-users allow updated controls to be installed (on next attempt to use impacted feature).
CVE-2011-1719 - CA Output Management Web Viewer ActiveX Control Buffer Overflows
Dmitriy Pletnev, Secunia Research
Version 1.0: Initial Release
If additional information is required, please contact CA Technologies Support at
If you discover a vulnerability in a CA Technologies product, please report your findings to the CA Technologies Product Vulnerability Response Team.