Vulnerabilites related to ca - anti-virus_for_the_enterprise
cve-2007-3825
Vulnerability from cvelistv5
Published
2007-07-18 23:00
Modified
2024-08-07 14:28
Severity ?
EPSS score ?
Summary
Multiple stack-based buffer overflows in the RPC implementation in alert.exe before 8.0.255.0 in CA (formerly Computer Associates) Alert Notification Server, as used in Threat Manager for the Enterprise, Protection Suites, certain BrightStor ARCserve products, and BrightStor Enterprise Backup, allow remote attackers to execute arbitrary code by sending certain data to unspecified RPC procedures.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/26088 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securitytracker.com/id?1018405 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securitytracker.com/id?1018402 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securitytracker.com/id?1018404 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/24947 | vdb-entry, x_refsource_BID | |
| http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=561 | third-party-advisory, x_refsource_IDEFENSE | |
| http://www.securitytracker.com/id?1018406 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securitytracker.com/id?1018403 | vdb-entry, x_refsource_SECTRACK | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/35467 | vdb-entry, x_refsource_XF | |
| http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-secnotice.asp | x_refsource_CONFIRM | |
| http://www.vupen.com/english/advisories/2007/2559 | vdb-entry, x_refsource_VUPEN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:28:52.471Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "26088",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26088"
},
{
"name": "1018405",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018405"
},
{
"name": "1018402",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018402"
},
{
"name": "1018404",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018404"
},
{
"name": "24947",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24947"
},
{
"name": "20070717 Computer Associates Alert Notification Server Multiple Buffer Overflow Vulnerabilities",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=561"
},
{
"name": "1018406",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018406"
},
{
"name": "1018403",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018403"
},
{
"name": "ca-alertnotification-bo(35467)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35467"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-secnotice.asp"
},
{
"name": "ADV-2007-2559",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2559"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in the RPC implementation in alert.exe before 8.0.255.0 in CA (formerly Computer Associates) Alert Notification Server, as used in Threat Manager for the Enterprise, Protection Suites, certain BrightStor ARCserve products, and BrightStor Enterprise Backup, allow remote attackers to execute arbitrary code by sending certain data to unspecified RPC procedures."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "26088",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26088"
},
{
"name": "1018405",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018405"
},
{
"name": "1018402",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018402"
},
{
"name": "1018404",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018404"
},
{
"name": "24947",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24947"
},
{
"name": "20070717 Computer Associates Alert Notification Server Multiple Buffer Overflow Vulnerabilities",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=561"
},
{
"name": "1018406",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018406"
},
{
"name": "1018403",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018403"
},
{
"name": "ca-alertnotification-bo(35467)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35467"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-secnotice.asp"
},
{
"name": "ADV-2007-2559",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2559"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3825",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in the RPC implementation in alert.exe before 8.0.255.0 in CA (formerly Computer Associates) Alert Notification Server, as used in Threat Manager for the Enterprise, Protection Suites, certain BrightStor ARCserve products, and BrightStor Enterprise Backup, allow remote attackers to execute arbitrary code by sending certain data to unspecified RPC procedures."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26088",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26088"
},
{
"name": "1018405",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018405"
},
{
"name": "1018402",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018402"
},
{
"name": "1018404",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018404"
},
{
"name": "24947",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24947"
},
{
"name": "20070717 Computer Associates Alert Notification Server Multiple Buffer Overflow Vulnerabilities",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=561"
},
{
"name": "1018406",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018406"
},
{
"name": "1018403",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018403"
},
{
"name": "ca-alertnotification-bo(35467)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35467"
},
{
"name": "http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-secnotice.asp",
"refsource": "CONFIRM",
"url": "http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-secnotice.asp"
},
{
"name": "ADV-2007-2559",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2559"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3825",
"datePublished": "2007-07-18T23:00:00",
"dateReserved": "2007-07-17T00:00:00",
"dateUpdated": "2024-08-07T14:28:52.471Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-3587
Vulnerability from cvelistv5
Published
2009-10-13 10:00
Modified
2024-08-07 06:31
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) through Plus 2009; and other CA products allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted RAR archive file that triggers heap corruption, a different vulnerability than CVE-2009-3588.
References
| ▼ | URL | Tags |
|---|---|---|
| http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=218878 | x_refsource_CONFIRM | |
| http://osvdb.org/58691 | vdb-entry, x_refsource_OSVDB | |
| http://secunia.com/advisories/36976 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securitytracker.com/id?1022999 | vdb-entry, x_refsource_SECTRACK | |
| http://www.vupen.com/english/advisories/2009/2852 | vdb-entry, x_refsource_VUPEN | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/53697 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/archive/1/507068/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/36653 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:31:10.544Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=218878"
},
{
"name": "58691",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/58691"
},
{
"name": "36976",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36976"
},
{
"name": "1022999",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022999"
},
{
"name": "ADV-2009-2852",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2852"
},
{
"name": "ca-rar-code-execution(53697)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53697"
},
{
"name": "20091009 CA20091008-01: Security Notice for CA Anti-Virus Engine",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/507068/100/0/threaded"
},
{
"name": "36653",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36653"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-10-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) through Plus 2009; and other CA products allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted RAR archive file that triggers heap corruption, a different vulnerability than CVE-2009-3588."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=218878"
},
{
"name": "58691",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/58691"
},
{
"name": "36976",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36976"
},
{
"name": "1022999",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022999"
},
{
"name": "ADV-2009-2852",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2852"
},
{
"name": "ca-rar-code-execution(53697)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53697"
},
{
"name": "20091009 CA20091008-01: Security Notice for CA Anti-Virus Engine",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/507068/100/0/threaded"
},
{
"name": "36653",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36653"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3587",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) through Plus 2009; and other CA products allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted RAR archive file that triggers heap corruption, a different vulnerability than CVE-2009-3588."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=218878",
"refsource": "CONFIRM",
"url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=218878"
},
{
"name": "58691",
"refsource": "OSVDB",
"url": "http://osvdb.org/58691"
},
{
"name": "36976",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36976"
},
{
"name": "1022999",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022999"
},
{
"name": "ADV-2009-2852",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2852"
},
{
"name": "ca-rar-code-execution(53697)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53697"
},
{
"name": "20091009 CA20091008-01: Security Notice for CA Anti-Virus Engine",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/507068/100/0/threaded"
},
{
"name": "36653",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36653"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3587",
"datePublished": "2009-10-13T10:00:00",
"dateReserved": "2009-10-08T00:00:00",
"dateUpdated": "2024-08-07T06:31:10.544Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-2523
Vulnerability from cvelistv5
Published
2007-05-11 03:55
Modified
2024-08-07 13:42
Severity ?
EPSS score ?
Summary
CA Anti-Virus for the Enterprise r8 and Threat Manager r8 before 20070510 use weak permissions (NULL security descriptor) for the Task Service shared file mapping, which allows local users to modify this mapping and gain privileges by triggering a stack-based buffer overflow in InoCore.dll before 8.0.448.0.
References
| ▼ | URL | Tags |
|---|---|---|
| http://supportconnectw.ca.com/public/antivirus/infodocs/caav-secnotice050807.asp | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id?1018043 | vdb-entry, x_refsource_SECTRACK | |
| http://blog.48bits.com/?p=103 | x_refsource_MISC | |
| http://www.vupen.com/english/advisories/2007/1750 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/23906 | vdb-entry, x_refsource_BID | |
| http://www.kb.cert.org/vuls/id/788416 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.osvdb.org/34586 | vdb-entry, x_refsource_OSVDB | |
| http://secunia.com/advisories/25202 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/archive/1/468306/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=530 | third-party-advisory, x_refsource_IDEFENSE | |
| http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/063275.html | mailing-list, x_refsource_FULLDISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:42:33.371Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://supportconnectw.ca.com/public/antivirus/infodocs/caav-secnotice050807.asp"
},
{
"name": "1018043",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018043"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.48bits.com/?p=103"
},
{
"name": "ADV-2007-1750",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1750"
},
{
"name": "23906",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23906"
},
{
"name": "VU#788416",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/788416"
},
{
"name": "34586",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/34586"
},
{
"name": "25202",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25202"
},
{
"name": "20070511 Computer Associates eTrust InoTask.exe Antivirus Buffer Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/468306/100/0/threaded"
},
{
"name": "20070509 Computer Associates eTrust InoTask.exe Antivirus Buffer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=530"
},
{
"name": "20050711 [CAID 35330, 35331]: CA Anti-Virus, CA Threat Manager, and CA Anti-Spyware Console Login and File Mapping Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/063275.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "CA Anti-Virus for the Enterprise r8 and Threat Manager r8 before 20070510 use weak permissions (NULL security descriptor) for the Task Service shared file mapping, which allows local users to modify this mapping and gain privileges by triggering a stack-based buffer overflow in InoCore.dll before 8.0.448.0."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://supportconnectw.ca.com/public/antivirus/infodocs/caav-secnotice050807.asp"
},
{
"name": "1018043",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018043"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.48bits.com/?p=103"
},
{
"name": "ADV-2007-1750",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1750"
},
{
"name": "23906",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23906"
},
{
"name": "VU#788416",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/788416"
},
{
"name": "34586",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/34586"
},
{
"name": "25202",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25202"
},
{
"name": "20070511 Computer Associates eTrust InoTask.exe Antivirus Buffer Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/468306/100/0/threaded"
},
{
"name": "20070509 Computer Associates eTrust InoTask.exe Antivirus Buffer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=530"
},
{
"name": "20050711 [CAID 35330, 35331]: CA Anti-Virus, CA Threat Manager, and CA Anti-Spyware Console Login and File Mapping Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/063275.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2523",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CA Anti-Virus for the Enterprise r8 and Threat Manager r8 before 20070510 use weak permissions (NULL security descriptor) for the Task Service shared file mapping, which allows local users to modify this mapping and gain privileges by triggering a stack-based buffer overflow in InoCore.dll before 8.0.448.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://supportconnectw.ca.com/public/antivirus/infodocs/caav-secnotice050807.asp",
"refsource": "CONFIRM",
"url": "http://supportconnectw.ca.com/public/antivirus/infodocs/caav-secnotice050807.asp"
},
{
"name": "1018043",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018043"
},
{
"name": "http://blog.48bits.com/?p=103",
"refsource": "MISC",
"url": "http://blog.48bits.com/?p=103"
},
{
"name": "ADV-2007-1750",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1750"
},
{
"name": "23906",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23906"
},
{
"name": "VU#788416",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/788416"
},
{
"name": "34586",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/34586"
},
{
"name": "25202",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25202"
},
{
"name": "20070511 Computer Associates eTrust InoTask.exe Antivirus Buffer Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/468306/100/0/threaded"
},
{
"name": "20070509 Computer Associates eTrust InoTask.exe Antivirus Buffer Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=530"
},
{
"name": "20050711 [CAID 35330, 35331]: CA Anti-Virus, CA Threat Manager, and CA Anti-Spyware Console Login and File Mapping Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/063275.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2523",
"datePublished": "2007-05-11T03:55:00",
"dateReserved": "2007-05-08T00:00:00",
"dateUpdated": "2024-08-07T13:42:33.371Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-2863
Vulnerability from cvelistv5
Published
2007-06-06 21:00
Modified
2024-08-07 13:57
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a long filename in a .CAB file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/34741 | vdb-entry, x_refsource_XF | |
| http://securityreason.com/securityalert/2790 | third-party-advisory, x_refsource_SREASON | |
| http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securitynotice.asp | x_refsource_CONFIRM | |
| http://www.securityfocus.com/archive/1/470601/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.vupen.com/english/advisories/2007/2072 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/24331 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/archive/1/470754/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.osvdb.org/35244 | vdb-entry, x_refsource_OSVDB | |
| http://www.securitytracker.com/id?1018199 | vdb-entry, x_refsource_SECTRACK | |
| http://www.zerodayinitiative.com/advisories/ZDI-07-034.html | x_refsource_MISC | |
| http://www.kb.cert.org/vuls/id/739409 | third-party-advisory, x_refsource_CERT-VN | |
| http://secunia.com/advisories/25570 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:57:53.937Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ca-multiple-antivirus-cab-bo(34741)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34741"
},
{
"name": "2790",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2790"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securitynotice.asp"
},
{
"name": "20070605 ZDI-07-034: CA Multiple Product AV Engine CAB Filename Parsing Stack Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/470601/100/0/threaded"
},
{
"name": "ADV-2007-2072",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2072"
},
{
"name": "24331",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24331"
},
{
"name": "20070607 [CAID 35395, 35396]: CA Anti-Virus Engine CAB File Buffer Overflow Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/470754/100/0/threaded"
},
{
"name": "35244",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/35244"
},
{
"name": "1018199",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018199"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-034.html"
},
{
"name": "VU#739409",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/739409"
},
{
"name": "25570",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25570"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-06-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a long filename in a .CAB file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ca-multiple-antivirus-cab-bo(34741)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34741"
},
{
"name": "2790",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2790"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securitynotice.asp"
},
{
"name": "20070605 ZDI-07-034: CA Multiple Product AV Engine CAB Filename Parsing Stack Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/470601/100/0/threaded"
},
{
"name": "ADV-2007-2072",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2072"
},
{
"name": "24331",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24331"
},
{
"name": "20070607 [CAID 35395, 35396]: CA Anti-Virus Engine CAB File Buffer Overflow Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/470754/100/0/threaded"
},
{
"name": "35244",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/35244"
},
{
"name": "1018199",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018199"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-034.html"
},
{
"name": "VU#739409",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/739409"
},
{
"name": "25570",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25570"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2863",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a long filename in a .CAB file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ca-multiple-antivirus-cab-bo(34741)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34741"
},
{
"name": "2790",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2790"
},
{
"name": "http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securitynotice.asp",
"refsource": "CONFIRM",
"url": "http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securitynotice.asp"
},
{
"name": "20070605 ZDI-07-034: CA Multiple Product AV Engine CAB Filename Parsing Stack Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/470601/100/0/threaded"
},
{
"name": "ADV-2007-2072",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2072"
},
{
"name": "24331",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24331"
},
{
"name": "20070607 [CAID 35395, 35396]: CA Anti-Virus Engine CAB File Buffer Overflow Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/470754/100/0/threaded"
},
{
"name": "35244",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/35244"
},
{
"name": "1018199",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018199"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-07-034.html",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-034.html"
},
{
"name": "VU#739409",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/739409"
},
{
"name": "25570",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25570"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2863",
"datePublished": "2007-06-06T21:00:00",
"dateReserved": "2007-05-24T00:00:00",
"dateUpdated": "2024-08-07T13:57:53.937Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-3588
Vulnerability from cvelistv5
Published
2009-10-13 10:00
Modified
2024-08-07 06:31
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) through Plus 2009; and other CA products allows remote attackers to cause a denial of service via a crafted RAR archive file that triggers stack corruption, a different vulnerability than CVE-2009-3587.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/53698 | vdb-entry, x_refsource_XF | |
| http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=218878 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/36976 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securitytracker.com/id?1022999 | vdb-entry, x_refsource_SECTRACK | |
| http://www.vupen.com/english/advisories/2009/2852 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/archive/1/507068/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/36653 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:31:10.558Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ca-rar-dos(53698)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53698"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=218878"
},
{
"name": "36976",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36976"
},
{
"name": "1022999",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022999"
},
{
"name": "ADV-2009-2852",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2852"
},
{
"name": "20091009 CA20091008-01: Security Notice for CA Anti-Virus Engine",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/507068/100/0/threaded"
},
{
"name": "36653",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36653"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-10-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) through Plus 2009; and other CA products allows remote attackers to cause a denial of service via a crafted RAR archive file that triggers stack corruption, a different vulnerability than CVE-2009-3587."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ca-rar-dos(53698)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53698"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=218878"
},
{
"name": "36976",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36976"
},
{
"name": "1022999",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022999"
},
{
"name": "ADV-2009-2852",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2852"
},
{
"name": "20091009 CA20091008-01: Security Notice for CA Anti-Virus Engine",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/507068/100/0/threaded"
},
{
"name": "36653",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36653"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3588",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) through Plus 2009; and other CA products allows remote attackers to cause a denial of service via a crafted RAR archive file that triggers stack corruption, a different vulnerability than CVE-2009-3587."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ca-rar-dos(53698)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53698"
},
{
"name": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=218878",
"refsource": "CONFIRM",
"url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=218878"
},
{
"name": "36976",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36976"
},
{
"name": "1022999",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022999"
},
{
"name": "ADV-2009-2852",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2852"
},
{
"name": "20091009 CA20091008-01: Security Notice for CA Anti-Virus Engine",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/507068/100/0/threaded"
},
{
"name": "36653",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36653"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3588",
"datePublished": "2009-10-13T10:00:00",
"dateReserved": "2009-10-08T00:00:00",
"dateUpdated": "2024-08-07T06:31:10.558Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2009-10-13 10:30
Modified
2024-11-21 01:07
Severity ?
Summary
Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) through Plus 2009; and other CA products allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted RAR archive file that triggers heap corruption, a different vulnerability than CVE-2009-3588.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:broadcom:anti-virus:2007:8:*:*:*:*:*:*",
"matchCriteriaId": "C469EBBE-EE96-4CED-BD8C-36461750C6A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:anti-virus:2008:*:*:*:*:*:*:*",
"matchCriteriaId": "9C5E892B-0EE8-4B76-97B8-0BAF17E83F49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:anti-virus_for_the_enterprise:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "607CCBDA-7288-4496-A7ED-EF6DED40CA21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:anti-virus_for_the_enterprise:r8:*:*:*:*:*:*:*",
"matchCriteriaId": "11BCD267-E8CE-4A97-B769-5F4CAF9830D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:anti-virus_sdk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "865B7BD2-3AD1-41CA-842B-47BC4F1426DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:common_services:11:*:*:*:*:*:*:*",
"matchCriteriaId": "0E2FA702-184A-44FF-8DEA-7811804EE175",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:common_services:11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D301B65D-A20B-4991-A0D8-DFE3363F162B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:etrust_antivirus:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8A08C715-A351-466D-99EC-006C106A3366",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:etrust_antivirus:8:*:*:*:*:*:*:*",
"matchCriteriaId": "05185A74-8484-419D-A3CE-8603928AF0DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:etrust_antivirus:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "52C533CA-ACB7-4C0F-98E2-B5E51E24A554",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:etrust_integrated_threat_management:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8FD8D5F0-9606-4BBA-B7F9-ACD089B84DC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:etrust_intrusion_detection:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3DDF2EE3-753B-4C7E-84EF-144FA5986A21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:etrust_secure_content_manager:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "69184A5E-4FA9-4896-B6E8-1B9D4D62D099",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:internet_security_suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F30C4FF9-DB76-4B3F-9582-752097B3D521",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:internet_security_suite:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "285013A5-E058-4B2B-B8B6-1BFF72388589",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:network_and_systems_management:r3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0FF55705-42ED-4503-8534-FDEA365E84E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:network_and_systems_management:r3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AB548763-E1A7-4DB1-BE86-ED5AA1CA81BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:network_and_systems_management:r11:*:*:*:*:*:*:*",
"matchCriteriaId": "6B28429A-F343-4BE8-A94D-5A5AC3F6258C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:network_and_systems_management:r11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CFF64064-1C35-4888-BBC2-52F68EF9517F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:secure_content_manager:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4DADD1E6-3454-4C1E-AD46-82D79CB8F528",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:secure_content_manager:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5E02DA21-B25B-4626-BFDC-61AA8AF3537E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:unicenter_network_and_systems_management:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CE9C8A1C-0A55-4CA5-9BB6-2D03EFCFE699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:unicenter_network_and_systems_management:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2EFA39E3-A614-4A64-B29C-86D6F12F1557",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:unicenter_network_and_systems_management:11:*:*:*:*:*:*:*",
"matchCriteriaId": "5B4434A4-EE82-46A1-9293-345991515369",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:unicenter_network_and_systems_management:11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "43CD3B48-C978-4FDB-B157-85F3E971446B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:anti-virus:2009:*:*:*:*:*:*:*",
"matchCriteriaId": "6050CADE-7BAF-45B7-A031-F70558C7CE44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:anti-virus_for_the_enterprise:r8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B0186ADA-0E20-4E14-B9D5-19CDFC1BD98F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:anti-virus_gateway:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FD75FF0F-A36C-40AF-A99E-1596A6A6FE2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:anti-virus_plus:2009:*:*:*:*:*:*:*",
"matchCriteriaId": "BED8CEF9-6AEC-4771-98F7-051E4B3E0848",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:arcserve_backup:r11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D8275AC1-81C5-4D9F-A61B-1A908BDDE0F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:arcserve_for_windows_client_agent:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5603FDAD-A347-4A44-BC45-1ADC44601D65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:arcserve_for_windows_server_component:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5086D7CF-EBAB-4E30-98E0-0D276CC1C707",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:common_services:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7FAD043E-3ABE-46D7-AD17-A68858692A7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:etrust_anti-virus_gateway:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C13B0E1-DCEE-46E5-81A3-C08C07C58B9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:etrust_anti-virus_sdk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "257CC950-F1BB-4D0A-9B05-98A58DB67532",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:etrust_ez_antivirus:r7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A0A641A2-4147-4C41-B102-18417ECA9339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:etrust_intrusion_detection:2.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "29FEABEE-DC17-4620-B088-B24249865931",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:etrust_intrusion_detection:3.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "D10B864B-AA39-4702-A42B-F33BAF2D8059",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:etrust_secure_content_manager:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5DB54A16-5E56-46FC-A49C-56C98C0B8F1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:gateway_security:r8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B44F941C-83DC-4EDA-B258-C35F5EDA819E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:internet_security_suite_2008:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0281F80B-CF9C-482D-B7A9-3B2651BD0567",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:internet_security_suite_plus_2008:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33F7E184-EA23-487C-83ED-65CF8DD2DB18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:internet_security_suite_plus_2009:*:*:*:*:*:*:*:*",
"matchCriteriaId": "951062B1-C72B-4EAF-BA54-6986434036FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:protection_suites:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "47C10BA4-B241-4F65-8FA1-AD88266C03B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:protection_suites:r3:*:*:*:*:*:*:*",
"matchCriteriaId": "253A8082-9AE4-4049-A1D0-B7ACB5C2E8D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:protection_suites:r3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CC845898-3D77-4793-971E-5E1555ED9CDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:threat_manager:8.1:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "0115D81C-2CA2-424C-BE4B-0896C9ADA68E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:threat_manager:r8:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "A38801CD-167E-408E-89BD-52BB1B89041B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:threat_manager_total_defense:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6AEE8BC-8D0E-464F-88B7-5C2C2D372AFA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ca:arcserve_backup:r11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D8713893-59CE-486A-9262-E755A8F2D58C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:arcserve_backup:r11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D8275AC1-81C5-4D9F-A61B-1A908BDDE0F7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) through Plus 2009; and other CA products allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted RAR archive file that triggers heap corruption, a different vulnerability than CVE-2009-3588."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en el componente arclib en el motor Anti-Virus en CA Anti-Virus para Enterprise (formalmente eTrust Antivirus) v7.1 hasta v8.1; Anti-Virus 2007 (v8) hasta 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) hasta Plus 2009; y otros productos CA permite a atacantes remotos causar una denegaci\u00f3n de servicio y ejecutar probablemente c\u00f3digo de su elecci\u00f3n a trav\u00e9s del archivo RAR manipulado que provoca una corrupci\u00f3n de la memoria din\u00e1mica, una vulnerabilidad diferente que CVE-2009-3588."
}
],
"id": "CVE-2009-3587",
"lastModified": "2024-11-21T01:07:44.420",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-10-13T10:30:00.610",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://osvdb.org/58691"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/36976"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Patch",
"Vendor Advisory"
],
"url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=218878"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/507068/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/36653"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1022999"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2852"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53697"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://osvdb.org/58691"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/36976"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Patch",
"Vendor Advisory"
],
"url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=218878"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/507068/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/36653"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1022999"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2852"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53697"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-10-13 10:30
Modified
2024-11-21 01:07
Severity ?
Summary
Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) through Plus 2009; and other CA products allows remote attackers to cause a denial of service via a crafted RAR archive file that triggers stack corruption, a different vulnerability than CVE-2009-3587.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:broadcom:anti-virus:2007:8:*:*:*:*:*:*",
"matchCriteriaId": "C469EBBE-EE96-4CED-BD8C-36461750C6A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:anti-virus:2008:*:*:*:*:*:*:*",
"matchCriteriaId": "9C5E892B-0EE8-4B76-97B8-0BAF17E83F49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:anti-virus_for_the_enterprise:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "607CCBDA-7288-4496-A7ED-EF6DED40CA21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:anti-virus_for_the_enterprise:r8:*:*:*:*:*:*:*",
"matchCriteriaId": "11BCD267-E8CE-4A97-B769-5F4CAF9830D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:anti-virus_sdk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "865B7BD2-3AD1-41CA-842B-47BC4F1426DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:common_services:11:*:*:*:*:*:*:*",
"matchCriteriaId": "0E2FA702-184A-44FF-8DEA-7811804EE175",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:common_services:11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D301B65D-A20B-4991-A0D8-DFE3363F162B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:etrust_antivirus:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8A08C715-A351-466D-99EC-006C106A3366",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:etrust_antivirus:8:*:*:*:*:*:*:*",
"matchCriteriaId": "05185A74-8484-419D-A3CE-8603928AF0DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:etrust_antivirus:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "52C533CA-ACB7-4C0F-98E2-B5E51E24A554",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:etrust_integrated_threat_management:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8FD8D5F0-9606-4BBA-B7F9-ACD089B84DC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:etrust_intrusion_detection:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3DDF2EE3-753B-4C7E-84EF-144FA5986A21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:etrust_secure_content_manager:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "69184A5E-4FA9-4896-B6E8-1B9D4D62D099",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:internet_security_suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F30C4FF9-DB76-4B3F-9582-752097B3D521",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:internet_security_suite:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "285013A5-E058-4B2B-B8B6-1BFF72388589",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:network_and_systems_management:r3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0FF55705-42ED-4503-8534-FDEA365E84E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:network_and_systems_management:r3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AB548763-E1A7-4DB1-BE86-ED5AA1CA81BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:network_and_systems_management:r11:*:*:*:*:*:*:*",
"matchCriteriaId": "6B28429A-F343-4BE8-A94D-5A5AC3F6258C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:network_and_systems_management:r11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CFF64064-1C35-4888-BBC2-52F68EF9517F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:secure_content_manager:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4DADD1E6-3454-4C1E-AD46-82D79CB8F528",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:secure_content_manager:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5E02DA21-B25B-4626-BFDC-61AA8AF3537E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:unicenter_network_and_systems_management:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CE9C8A1C-0A55-4CA5-9BB6-2D03EFCFE699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:unicenter_network_and_systems_management:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2EFA39E3-A614-4A64-B29C-86D6F12F1557",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:unicenter_network_and_systems_management:11:*:*:*:*:*:*:*",
"matchCriteriaId": "5B4434A4-EE82-46A1-9293-345991515369",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:unicenter_network_and_systems_management:11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "43CD3B48-C978-4FDB-B157-85F3E971446B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:anti-virus:2009:*:*:*:*:*:*:*",
"matchCriteriaId": "6050CADE-7BAF-45B7-A031-F70558C7CE44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:anti-virus_for_the_enterprise:r8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B0186ADA-0E20-4E14-B9D5-19CDFC1BD98F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:anti-virus_gateway:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FD75FF0F-A36C-40AF-A99E-1596A6A6FE2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:anti-virus_plus:2009:*:*:*:*:*:*:*",
"matchCriteriaId": "BED8CEF9-6AEC-4771-98F7-051E4B3E0848",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:arcserve_for_windows_client_agent:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5603FDAD-A347-4A44-BC45-1ADC44601D65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:arcserve_for_windows_server_component:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5086D7CF-EBAB-4E30-98E0-0D276CC1C707",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:common_services:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7FAD043E-3ABE-46D7-AD17-A68858692A7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:etrust_anti-virus_gateway:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C13B0E1-DCEE-46E5-81A3-C08C07C58B9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:etrust_anti-virus_sdk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "257CC950-F1BB-4D0A-9B05-98A58DB67532",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:etrust_ez_antivirus:r7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A0A641A2-4147-4C41-B102-18417ECA9339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:etrust_intrusion_detection:2.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "29FEABEE-DC17-4620-B088-B24249865931",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:etrust_intrusion_detection:3.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "D10B864B-AA39-4702-A42B-F33BAF2D8059",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:etrust_secure_content_manager:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5DB54A16-5E56-46FC-A49C-56C98C0B8F1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:gateway_security:r8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B44F941C-83DC-4EDA-B258-C35F5EDA819E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:internet_security_suite_2008:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0281F80B-CF9C-482D-B7A9-3B2651BD0567",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:internet_security_suite_plus_2008:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33F7E184-EA23-487C-83ED-65CF8DD2DB18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:internet_security_suite_plus_2009:*:*:*:*:*:*:*:*",
"matchCriteriaId": "951062B1-C72B-4EAF-BA54-6986434036FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:protection_suites:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "47C10BA4-B241-4F65-8FA1-AD88266C03B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:protection_suites:r3:*:*:*:*:*:*:*",
"matchCriteriaId": "253A8082-9AE4-4049-A1D0-B7ACB5C2E8D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:protection_suites:r3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CC845898-3D77-4793-971E-5E1555ED9CDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:threat_manager:8.1:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "0115D81C-2CA2-424C-BE4B-0896C9ADA68E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:threat_manager:r8:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "A38801CD-167E-408E-89BD-52BB1B89041B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:threat_manager_total_defense:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6AEE8BC-8D0E-464F-88B7-5C2C2D372AFA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:broadcom:arcserve_backup:r12.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "0486108C-E36C-4746-919E-C760E10EBAE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:arcserve_backup:r12.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "CD2F60F0-E8B8-46E6-932E-DF9F4457B47C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:arcserve_backup:r11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D8275AC1-81C5-4D9F-A61B-1A908BDDE0F7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ca:arcserve_backup:r11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D8713893-59CE-486A-9262-E755A8F2D58C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:arcserve_backup:r11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D8275AC1-81C5-4D9F-A61B-1A908BDDE0F7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) through Plus 2009; and other CA products allows remote attackers to cause a denial of service via a crafted RAR archive file that triggers stack corruption, a different vulnerability than CVE-2009-3587."
},
{
"lang": "es",
"value": "Vulnerabilidad inespec\u00edfica en el componente arclib en el motor antivirus en CA Anti-Virus para empresas (anteriormente eTrust Antivirus) desde v7.1 hasta r8.1; Anti-Virus desde 2007 (v8) hasta 2009; eTrust EZ Antivirus r7.1; Internet Security Suite desde 2007 (v3) hasta Plus 2009; y otros productos de CA permite a atacantes remotos producir una denegaci\u00f3n de servicio a trav\u00e9s de un archivo RAR manipulado que inicia la corrupci\u00f3n de la pila, una vulnerabilidad diferente que CVE-2009-3587."
}
],
"id": "CVE-2009-3588",
"lastModified": "2024-11-21T01:07:44.600",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-10-13T10:30:00.627",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36976"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=218878"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/507068/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/36653"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1022999"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2852"
},
{
"source": "cve@mitre.org",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53698"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36976"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=218878"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/507068/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/36653"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1022999"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2852"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53698"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-07-18 23:30
Modified
2024-11-21 00:34
Severity ?
Summary
Multiple stack-based buffer overflows in the RPC implementation in alert.exe before 8.0.255.0 in CA (formerly Computer Associates) Alert Notification Server, as used in Threat Manager for the Enterprise, Protection Suites, certain BrightStor ARCserve products, and BrightStor Enterprise Backup, allow remote attackers to execute arbitrary code by sending certain data to unspecified RPC procedures.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | alert_notification_server | * | |
| broadcom | brightstor_arcserve_backup | 9.01 | |
| broadcom | brightstor_arcserve_backup | 11.1 | |
| broadcom | brightstor_arcserve_backup | 11.5 | |
| broadcom | brightstor_enterprise_backup | 10.5 | |
| ca | anti-virus_for_the_enterprise | 8 | |
| ca | brightstor_arcserve_backup | 11 | |
| ca | brightstor_arcserve_client | * | |
| ca | protection_suites | r3 | |
| ca | threat_manager | 8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:broadcom:alert_notification_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C9064AD0-B246-4061-8200-D0999A62987D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:9.01:*:*:*:*:*:*:*",
"matchCriteriaId": "F52790F8-0D23-47F4-B7F7-6CB0F7B6EA14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E37161BE-6AF5-40E0-BD63-2C17431D8B36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "477EE032-D183-478F-A2BF-6165277A7414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:brightstor_enterprise_backup:10.5:*:*:*:*:*:*:*",
"matchCriteriaId": "78AA54EA-DAF1-4635-AA1B-E2E49C4BB597",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:anti-virus_for_the_enterprise:8:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "0662407D-B0D7-4C4A-9F11-D438ED0A186D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:brightstor_arcserve_backup:11:*:windows:*:*:*:*:*",
"matchCriteriaId": "6E236148-4A57-4FDC-A072-A77D3DD2DB53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:brightstor_arcserve_client:*:*:windows:*:*:*:*:*",
"matchCriteriaId": "BF07EC08-D4C8-415B-86DB-E73E97EEFCB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:protection_suites:r3:*:*:*:*:*:*:*",
"matchCriteriaId": "253A8082-9AE4-4049-A1D0-B7ACB5C2E8D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:threat_manager:8:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "45FA6D91-063C-41FC-B2C4-07B9E043FAFF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in the RPC implementation in alert.exe before 8.0.255.0 in CA (formerly Computer Associates) Alert Notification Server, as used in Threat Manager for the Enterprise, Protection Suites, certain BrightStor ARCserve products, and BrightStor Enterprise Backup, allow remote attackers to execute arbitrary code by sending certain data to unspecified RPC procedures."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos de b\u00fafer basados en pila en la implementaci\u00f3n RPC en alert.exe versiones anteriores a 8.0.255.0 en CA (anteriormente denominado Computer Associates) Alert Notification Server, tal y como se usa en Threat Manager for the Enterprise, Protection Suites, determinados productos BrightStor ARCserve, y BrightStor Enterprise Backup, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n enviando determinados datos a procedimientos RPC no especificados."
}
],
"id": "CVE-2007-3825",
"lastModified": "2024-11-21T00:34:09.257",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-07-18T23:30:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=561"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26088"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-secnotice.asp"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/24947"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1018402"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1018403"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1018404"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1018405"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1018406"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/2559"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35467"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=561"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26088"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-secnotice.asp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/24947"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1018402"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1018403"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1018404"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1018405"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1018406"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/2559"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35467"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-05-11 04:20
Modified
2024-11-21 00:30
Severity ?
Summary
CA Anti-Virus for the Enterprise r8 and Threat Manager r8 before 20070510 use weak permissions (NULL security descriptor) for the Task Service shared file mapping, which allows local users to modify this mapping and gain privileges by triggering a stack-based buffer overflow in InoCore.dll before 8.0.448.0.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | integrated_threat_management | 8.0 | |
| ca | anti-virus_for_the_enterprise | 8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:broadcom:integrated_threat_management:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C167CC34-95AE-45CD-A1CE-64FF738DE25E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:anti-virus_for_the_enterprise:8:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "0662407D-B0D7-4C4A-9F11-D438ED0A186D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CA Anti-Virus for the Enterprise r8 and Threat Manager r8 before 20070510 use weak permissions (NULL security descriptor) for the Task Service shared file mapping, which allows local users to modify this mapping and gain privileges by triggering a stack-based buffer overflow in InoCore.dll before 8.0.448.0."
},
{
"lang": "es",
"value": "El Anti-Virus CA para la Enterprise r8 y el Threat Manager r8 antes del 20070510 usa permisos d\u00e9biles (seguridad de descriptor NULL) para el fichero de mapeo compartido del Task Service, lo cual permite a usuarios locales modificar este mapeo y obtener privilegios mediante el disparo de un desbordamiento de b\u00fafer basado en pila en el InoCore.dll en versiones anteriores a 8.0.448.0."
}
],
"evaluatorSolution": "The Computer Associates Integrated Threat Manager product is only vulnerable if it is release 8.0 before 2007-05-10.",
"id": "CVE-2007-2523",
"lastModified": "2024-11-21T00:30:59.287",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-05-11T04:20:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://blog.48bits.com/?p=103"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=530"
},
{
"source": "cve@mitre.org",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/063275.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/25202"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://supportconnectw.ca.com/public/antivirus/infodocs/caav-secnotice050807.asp"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/788416"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/34586"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/468306/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/23906"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1018043"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/1750"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://blog.48bits.com/?p=103"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=530"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/063275.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/25202"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://supportconnectw.ca.com/public/antivirus/infodocs/caav-secnotice050807.asp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/788416"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/34586"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/468306/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/23906"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1018043"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/1750"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-06-06 21:30
Modified
2024-11-21 00:31
Severity ?
Summary
Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a long filename in a .CAB file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | anti-virus_for_the_enterprise | 8 | |
| broadcom | brightstor_arcserve_backup | 9.01 | |
| broadcom | brightstor_arcserve_backup | 11.1 | |
| broadcom | brightstor_arcserve_backup | 11.5 | |
| broadcom | brightstor_enterprise_backup | 10.5 | |
| broadcom | common_services | 1.0 | |
| broadcom | common_services | 1.1 | |
| broadcom | common_services | 2.0 | |
| broadcom | common_services | 2.1 | |
| broadcom | common_services | 2.2 | |
| broadcom | common_services | 3.0 | |
| ca | anti-virus_for_the_enterprise | 8 | |
| ca | brightstor_arcserve_backup | 11 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:broadcom:anti-virus_for_the_enterprise:8:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B76576-ABB1-439E-80B0-0B5AAE14BA45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:9.01:*:*:*:*:*:*:*",
"matchCriteriaId": "F52790F8-0D23-47F4-B7F7-6CB0F7B6EA14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E37161BE-6AF5-40E0-BD63-2C17431D8B36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "477EE032-D183-478F-A2BF-6165277A7414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:brightstor_enterprise_backup:10.5:*:*:*:*:*:*:*",
"matchCriteriaId": "78AA54EA-DAF1-4635-AA1B-E2E49C4BB597",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:common_services:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3A0DD264-59A8-4B76-8D7F-138AEA7B1912",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:common_services:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "062DB370-929D-4FE1-A925-2FB5706C9409",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:common_services:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0D7957A4-D763-488F-B2B1-E00F428AD1AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:common_services:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6F5A6578-902D-4D9F-AB19-C6484E878CEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:common_services:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E2E79928-E5E2-42E5-9E09-58ADF9E76A74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:common_services:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D7587982-C722-4754-8744-8C7D43E191B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:anti-virus_for_the_enterprise:8:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "0662407D-B0D7-4C4A-9F11-D438ED0A186D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:brightstor_arcserve_backup:11:*:windows:*:*:*:*:*",
"matchCriteriaId": "6E236148-4A57-4FDC-A072-A77D3DD2DB53",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a long filename in a .CAB file."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en el motor Anti-Virus antes de contener la actualizaci\u00f3n 30.6 en m\u00faltiples productos CA (antiguamente Computer Associates) permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante un nombre de fichero largo en el fichero .CAB."
}
],
"id": "CVE-2007-2863",
"lastModified": "2024-11-21T00:31:50.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-06-06T21:30:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25570"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/2790"
},
{
"source": "cve@mitre.org",
"url": "http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securitynotice.asp"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/739409"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/35244"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/470601/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/470754/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/24331"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1018199"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/2072"
},
{
"source": "cve@mitre.org",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-034.html"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34741"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25570"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/2790"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securitynotice.asp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/739409"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/35244"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/470601/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/470754/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/24331"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1018199"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/2072"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-034.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34741"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}