CVE-2007-2864
CA Multiple Product AV Engine CAB Header Parsing Stack Overflow Vulnerability
Public Exploits: 1
Exploited in Wild: -
Descriptions
Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a large invalid value of the coffFiles field in a .CAB file.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of various Computer Associates products.
The specific flaw exists within the processing of an improperly defined "coffFiles" field in .CAB archives. Large values result in an unbounded data copy operation which can result in an exploitable stack-based buffer overflow.
Timeline
- 2007-05-24 CVE Reserved
- 2007-06-05 CVE Published
- 2010-11-11 First Exploit
- 2024-08-07 CVE Updated
- 2024-10-29 EPSS Updated
References (12)
URL | Tag
---|---
http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securitynotice.asp | X_refsource_confirm
http://www.kb.cert.org/vuls/id/105105 | Third Party Advisory
http://www.osvdb.org/35245 | Vdb Entry
http://www.securityfocus.com/archive/1/470602/100/0/threaded | Mailing List
http://www.securityfocus.com/archive/1/470754/100/0/threaded | Mailing List
http://www.securitytracker.com/id?1018199 | Vdb Entry
http://www.vupen.com/english/advisories/2007/2072 | Vdb Entry
http://www.zerodayinitiative.com/advisories/ZDI-07-035.html | X_refsource_misc
https://exchange.xforce.ibmcloud.com/vulnerabilities/34737 | Vdb Entry

URL | Date
---|---
https://www.exploit-db.com/exploits/16677 | 2010-11-11

URL | Date
---|---
http://secunia.com/advisories/25570 | 2021-04-14
http://www.securityfocus.com/bid/24330 | 2021-04-14
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Broadcom | Anti-virus For The Enterprise | 8 | - | Affected
Broadcom | Brightstor Arcserve Backup | 9.01 | - | Affected
Broadcom | Brightstor Arcserve Backup | 10.5 | - | Affected
Broadcom | Brightstor Arcserve Backup | 11 | - | Affected
Broadcom | Brightstor Arcserve Backup | 11.1 | - | Affected
Broadcom | Brightstor Arcserve Backup | 11.5 | - | Affected
Broadcom | Common Services | 1.0 | - | Affected
Broadcom | Common Services | 1.1 | - | Affected
Broadcom | Common Services | 2.0 | - | Affected
Broadcom | Common Services | 2.1 | - | Affected
Broadcom | Common Services | 2.2 | - | Affected
Broadcom | Common Services | 3.0 | - | Affected
Broadcom | Etrust Antivirus | 8.0 | - | Affected
Broadcom | Etrust Antivirus | 8.1 | - | Affected
Broadcom | Etrust Antivirus Gateway | 7.1 | - | Affected
Broadcom | Etrust Antivirus Sdk | * | - | Affected
Broadcom | Etrust Ez Antivirus | 6.1 | - | Affected
Broadcom | Etrust Ez Antivirus | 7.0 | - | Affected
Broadcom | Etrust Ez Armor | 1.0 | - | Affected
Broadcom | Etrust Ez Armor | 2.0 | - | Affected
Broadcom | Etrust Ez Armor | 3.0 | - | Affected
Broadcom | Etrust Ez Armor | 3.1 | - | Affected
Broadcom | Integrated Threat Management | 8.0 | - | Affected
Broadcom | Internet Security Suite | 1.0 | - | Affected
Broadcom | Internet Security Suite | 2.0 | - | Affected
Broadcom | Internet Security Suite | 3.0 | - | Affected
Broadcom | Unicenter Network And Systems Management | 3.0 | - | Affected
Broadcom | Unicenter Network And Systems Management | 3.1 | - | Affected
Broadcom | Unicenter Network And Systems Management | 11 | - | Affected
Broadcom | Unicenter Network And Systems Management | 11.1 | - | Affected
Ca | Etrust Secure Content Manager | 8.0 | - | Affected
Ca | Protection Suites | r2 | - | Affected
Ca | Protection Suites | r3 | - | Affected