Computer Security


CA multiple antivirus products buffer overflow
Updated since: 06.06.2007
Published: 11.06.2007
Source:
SecurityVulns ID: 7784
Type: remote
Threat Level: 7/10
Description: Buffer overflow in CAB archive parsing.
CVE: CVE-2007-2864 (Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a large invalid value of the coffFiles field in a .CAB file.)
 CVE-2007-2863 (Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a long filename in a .CAB file.)
Original documents:
 CA, [CAID 35395, 35396]: CA Anti-Virus Engine CAB File Buffer Overflow Vulnerabilities (11.06.2007)
 ZDI, [Full-disclosure] ZDI-07-034: CA Multiple Product AV Engine CAB Filename Parsing Stack Overflow Vulnerability (06.06.2007)
 ZDI, ZDI-07-035: CA Multiple Product AV Engine CAB Header Parsing Stack Overflow Vulnerability (06.06.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod