CVE-2007-2863 – CA Multiple Product AV Engine CAB Filename Parsing Stack Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2007-2863
Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a long filename in a .CAB file. Desbordamiento de búfer basado en pila en el motor Anti-Virus antes de contener la actualización 30.6 en múltiples productos CA (antiguamente Computer Associates) permite a atacantes remotos ejecutar código de su elección mediante un nombre de fichero largo en el fichero .CAB. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of various Computer Associates products. The specific flaw exists in the parsing of .CAB archives. When a long filename contained in the .CAB is processed by vete.dll an exploitable stack overflow may occur. • http://secunia.com/advisories/25570 http://securityreason.com/securityalert/2790 http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securitynotice.asp http://www.kb.cert.org/vuls/id/739409 http://www.osvdb.org/35244 http://www.securityfocus.com/archive/1/470601/100/0/threaded http://www.securityfocus.com/archive/1/470754/100/0/threaded http://www.securityfocus.com/bid/24331 http://www.securitytracker.com/id?1018199 http://www.vupen.com/english/advisories/2007/ •
CVE-2004-2436
https://notcve.org/view.php?id=CVE-2004-2436
Computer Associates Unicenter Common Services 3.0 and earlier stores the database "SA" password in cleartext in the TndAddNspTmp.bat file, which could allow local users to gain privileges. • http://osvdb.org/displayvuln.php?osvdb_id=10408 http://secunia.com/advisories/12639 http://securitytracker.com/id?1011468 http://www.securityfocus.com/bid/11277 https://exchange.xforce.ibmcloud.com/vulnerabilities/17562 •