Security News -  Security Reviews -   Exploits -  Tools -  UNIX Focus -  Windows Focus
SecuriTeam™  Beyond Security®  SecuriTeam™ Home  Ask the Team  Mailing Lists  Advertising Info  Blogs SecuriTeam™ in Your Inbox   E-mail this CVE-2007-2864 to a friend New vulnerability? New tool? Tell us	CVE-2007-2864 CA Multiple Product AV Engine CAB Header Parsing Stack Overflow Vulnerability     Credit: The information has been provided by ZDI-07-035. The original article can be found at: http://www.zerodayinitiative.com/advisories/ZDI-07-035.html Related article can be found at: http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securitynotice.asp Website Security Scan Code Vulnerability Test Network Assessment Tool Detect hidden vulnerabilities Exhaustive automated testing Real-time, continuous security Get guidance from professionals of internal or 3rd party code. scanning for your entire network    CVE-2007-2864 Details Check for CVE-2007-2864 Vulnerability Assessment and Management. Automated Pen Testing for 50 to 50,000 nodes beyondsecurity.com/vulnerability-scanner Affected Products:  * CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) r8, r8.1  * CA Anti-Virus 2007 (v8)  * eTrust EZ Antivirus r7, r6.1  * CA Internet Security Suite 2007 (v3)  * eTrust Internet Security Suite r1, r2  * eTrust EZ Armor r1, r2, r3.x  * CA Threat Manager for the Enterprise (formerly eTrust Integrated Threat Management) r8  * CA Protection Suites r2, r3  * CA Secure Content Manager (formerly eTrust Secure Content Manager) 8.0  * CA Anti-Virus Gateway (formerly eTrust Antivirus eTrust Antivirus Gateway) 7.1  * Unicenter Network and Systems Management (NSM) r3.0  * Unicenter Network and Systems Management (NSM) r3.1  * Unicenter Network and Systems Management (NSM) r11  * Unicenter Network and Systems Management (NSM) r11.1  * BrightStor ARCserve Backup r11.5  * BrightStor ARCserve Backup r11.1  * BrightStor ARCserve Backup r11 for Windows  * BrightStor Enterprise Backup r10.5  * BrightStor ARCserve Backup v9.01  * CA Common Services  * CA Anti-Virus SDK (formerly eTrust Anti-Virus SDK) The specific flaw exists within the processing of an improperly defined "coffFiles" field in .CAB archives. Large values result in an unbounded data copy operation which can result in an exploitable stack-based buffer overflow. Vendor Status: Computer Associates has issued an update to correct this vulnerability. More details can be found at: http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securitynotice.asp CVE Information: CVE-2007-2864 Disclosure Timeline:  * 2007.02.16 - Vulnerability reported to vendor  * 2007.06.05 - Coordinated public release of advisory  Comments on CVE-2007-2864:  Add new comment:  Subject:  Name/Nick/Email:          Chars Left:	All Sections Security News Unix focus Exploits Tools Windows focus Security Reviews
	Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus

Copyright © 1998-2010 Beyond Security® All rights reserved.
Terms of Use Site Privacy Statement.
SecuriTeam™ is a trademark of Beyond Security®