CVE-2007-3875
https://notcve.org/view.php?id=CVE-2007-3875
arclib.dll before 7.3.0.9 in CA Anti-Virus (formerly eTrust Antivirus) 8 and certain other CA products allows remote attackers to cause a denial of service (infinite loop and loss of antivirus functionality) via an invalid "previous listing chunk number" field in a CHM file. arclib.dll anterior a 7.3.0.9 en CA Anti-Virus (formalmente eTrust Antivirus) 8 y otros ciertos productos CA permiten a atacantes remotos provocar denegación de servicio (bucles infinitos y perdida de funcionalidad antivirus) a través de un campo"listado previo de un trozo de número" en un cierto archivo CHM. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=567 http://secunia.com/advisories/26155 http://supportconnectw.ca.com/public/antivirus/infodocs/caprodarclib-secnot.asp http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=149847 http://www.securityfocus.com/archive/1/474601/100/0/threaded http://www.securityfocus.com/archive/1/474605/100/100/threaded http://www.securityfocus.com/archive/1/474683/100/0/threaded http://www.securityfocus.com/bid/25049 http: •
CVE-2007-3334 – Ingress Database Server 2.6 - Multiple Remote Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-3334
Multiple heap-based buffer overflows in the (1) Communications Server (iigcc.exe) and (2) Data Access Server (iigcd.exe) components for Ingres Database Server 3.0.3, as used in CA (Computer Associates) products including eTrust Secure Content Manager r8 on Windows, allow remote attackers to execute arbitrary code via unknown vectors. Múltiples desbordamientos de búfer basados en montículo en los componentes (1) Communications Server (iigcc.exe) y (2) Data Access Server (iigcd.exe) para el Ingres Database Server 3.0.3, como el utilizado en los productos del CA (Computer Associates) incluyendo el eTrust Secure Content Manager r8 bajo Windows, permiten a atacantes remotos ejecutar código de su elección a través de vectores sin especificar. Computer Associates Advantage Ingres version 2.6 suffers from multiple denial of service vulnerabilities. • https://www.exploit-db.com/exploits/30224 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=546 http://osvdb.org/37487 http://osvdb.org/37488 http://secunia.com/advisories/25756 http://secunia.com/advisories/25775 http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778 http://www.securityfocus.com/bid/24585 http://www.securitytracker.com/id?1018278 http://www.vupen.com •
CVE-2007-2864 – CA Multiple Product AV Engine CAB Header Parsing Stack Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2007-2864
Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a large invalid value of the coffFiles field in a .CAB file. Desbordamiento de búfer basado en pila en el motor antivirus anterior a la actualización de contenido 30.6 de múltiples productos CA (antiguamente Computer Associates) permite a atacantes remotos ejecutar código de su elección mediante un valor largo no válido del campo coffFiles en un fichero .CAB. This vulnerability allows remote attackers to execute arbitrary code onvulnerable installations of various Computer Associates products. The specific flaw exists within the processing of an improperly defined "coffFiles" field in .CAB archives. Large values result in an unbounded data copy operation which can result in an exploitable stack-based buffer overflow. • https://www.exploit-db.com/exploits/16677 http://secunia.com/advisories/25570 http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securitynotice.asp http://www.kb.cert.org/vuls/id/105105 http://www.osvdb.org/35245 http://www.securityfocus.com/archive/1/470602/100/0/threaded http://www.securityfocus.com/archive/1/470754/100/0/threaded http://www.securityfocus.com/bid/24330 http://www.securitytracker.com/id?1018199 http://www.vupen.com/english/advisories/2007& •
CVE-2005-3653
https://notcve.org/view.php?id=CVE-2005-3653
Heap-based buffer overflow in the iGateway service for various Computer Associates (CA) iTechnology products, in iTechnology iGateway before 4.0.051230, allows remote attackers to execute arbitrary code via an HTTP request with a negative Content-Length field. • http://marc.info/?l=full-disclosure&m=113803349715927&w=2 http://secunia.com/advisories/18591 http://securityreason.com/securityalert/380 http://securitytracker.com/id?1015526 http://supportconnectw.ca.com/public/ca_common_docs/igatewaysecurity_notice.asp http://www.idefense.com/intelligence/vulnerabilities/display.php?id=376 http://www.osvdb.org/22688 http://www.securityfocus.com/archive/1/423288/100/0/threaded http://www.securityfocus.com/archive/1/423403/100/0/threaded http:// • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2005-1693
https://notcve.org/view.php?id=CVE-2005-1693
Integer overflow in Computer Associates Vet Antivirus library, as used by CA InoculateIT 6.0, eTrust Antivirus r6.0 through 7.1, eTrust Antivirus for the Gateway r7.0 and r7.1, eTrust Secure Content Manager, eTrust Intrusion Detection, BrightStor ARCserve Backup (BAB) r11.1, Vet Antivirus, Zonelabs ZoneAlarm Security Suite, and ZoneAlarm Antivirus, allows remote attackers to gain privileges via a compressed VBA directory with a project name length of -1, which leads to a heap-based buffer overflow. • http://crm.my-etrust.com/login.asp?username=guest&target=DOCUMENT&openparameter=1588 http://marc.info/?l=bugtraq&m=111686576416450&w=2 http://secunia.com/advisories/15470 http://secunia.com/advisories/15479 http://securitytracker.com/id?1014050 http://www.rem0te.com/public/images/vet.pdf http://www.securityfocus.com/bid/13710 http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=32896 •