CVE-2007-2863

Description

Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a long filename in a .CAB file.

Related CPE's

Could not find any relations

References

http://www.zerodayinitiative.com/advisories/ZDI-07-034.html

http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securitynotice.asp

24331

Patch

25570

PatchVendor Advisory

VU#739409

US Government Resource

35244

1018199

2790

ADV-2007-2072

ca-multiple-antivirus-cab-bo(34741)

20070607 [CAID 35395, 35396]: CA Anti-Virus Engine CAB File Buffer Overflow Vulnerabilities

20070605 ZDI-07-034: CA Multiple Product AV Engine CAB Filename Parsing Stack Overflow Vulnerability

CvssV3 impact

Could not find any metrics

CvssV2 impact

Version

2.0

VectorString

AV:N/AC:L/Au:N/C:C/I:C/A:C

AccessVector

NETWORK

AccessComplexity

LOW

Authentication

NONE

ConfidentialityImpact

COMPLETE

IntegrityImpact

COMPLETE

AvailabilityImpact

COMPLETE

BaseScore

10

Created by Yello
About Severity.io