Info

Disclosure

Jun 05, 2007

Discovery

Nov 08, 2006

Dates

Exploit

Unknown

Solution

Unknown

Description

A buffer overflow exists in multiple CA products. The Anti-Virus engine fails to validate CAB archive files resulting in a stack overflow. With a specially crafted CAB containing a file with a long filename, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

Classification

Attack Type: Input Manipulation
Impact: Loss of Integrity

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, CA has released a patch to address this vulnerability.

Products

CA	Anti-Virus for the Enterprise	r8
	Anti-Virus for the Enterprise	R8.1
	Anti-Virus	2007 (v8)
	eTrust EZ Antivirus	r7
	eTrust EZ Antivirus	R6.1
	Internet Security Suite	2007 (v3)
	eTrust Internet Security Suite	R1
	eTrust Internet Security Suite	r2
	eTrust EZ Armor	R1
		r2
		r3.x
	Threat Manager for the Enterprise	r8
	Protection Suites	r2
	Protection Suites	R3
	Secure Content Manager	8.0
	Anti-Virus Gateway	7.1
	Unicenter Network and Systems Management	r3.0
		r3.1
		r11
		r11.1
	BrightStor ARCserve Backup	r11.5
		r11.1
		r11 for Windows
		r10.5
		v9.01
	Common Services	Unknown or Unspecified
	Anti-Virus SDK	Unknown or Unspecified

References

Security Tracker: 1018199
CVE ID: 2007-2864 (see also: NVD)
Secunia Advisory ID: 25570
ISS X-Force ID: 34737
VUPEN Advisory: ADV-2007-2072

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/35244

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

CA

Anti-Virus for the Enterprise

Anti-Virus

eTrust EZ Antivirus

Internet Security Suite

eTrust Internet Security Suite

eTrust EZ Armor

Threat Manager for the Enterprise

Protection Suites

Secure Content Manager

Anti-Virus Gateway

Unicenter Network and Systems Management

BrightStor ARCserve Backup

Common Services

Anti-Virus SDK

References

Credit