CA Total Defense UNCWS Web Service DeleteReports Remote Code Execution Exploit

The UNCWS Web Service component of CA Total Defense listens for SOAP requests. The DeleteReports method makes use of the uncsp_DeleteReports stored procedure, which is vulnerable to SQL Injection. A remote unauthenticated attacker can exploit this to execute arbitrary code on a vulnerable machine with SYSTEM privileges.
Exploit type: 
Platform: 
Vulnerabilty ID: 
CVE-2011-1653
Product Version: 
12.3
Released Date: 
Thursday, May 17, 2012 - 00:00