CVE-2007-2864

Description

Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a large invalid value of the coffFiles field in a .CAB file.

Affected products

• Broadcom / anti-virus_for_the_enterprise8 – 8
• Broadcom / brightstor_arcserve_backup9.01 – 9.01
• Broadcom / brightstor_arcserve_backup10.5 – 10.5
• Broadcom / brightstor_arcserve_backup11 – 11
• Broadcom / brightstor_arcserve_backup11.1 – 11.1
• Broadcom / brightstor_arcserve_backup11.5 – 11.5
• Broadcom / common_services1.0 – 1.0
• Broadcom / common_services1.1 – 1.1
• Broadcom / common_services2.0 – 2.0
• Broadcom / common_services2.1 – 2.1
• Broadcom / common_services2.2 – 2.2
• Broadcom / common_services3.0 – 3.0
• Broadcom / etrust_antivirus8.0 – 8.0
• Broadcom / etrust_antivirus8.1 – 8.1
• Broadcom / etrust_antivirus_gateway7.1 – 7.1
• Broadcom / etrust_antivirus_sdk
• Broadcom / etrust_ez_antivirus6.1 – 6.1
• Broadcom / etrust_ez_antivirus7.0 – 7.0
• Broadcom / etrust_ez_armor1.0 – 1.0
• Broadcom / etrust_ez_armor2.0 – 2.0
• Broadcom / etrust_ez_armor3.0 – 3.0
• Broadcom / etrust_ez_armor3.1 – 3.1
• Broadcom / integrated_threat_management8.0 – 8.0
• Broadcom / internet_security_suite1.0 – 1.0
• Broadcom / internet_security_suite2.0 – 2.0
• Broadcom / internet_security_suite3.0 – 3.0
• Broadcom / unicenter_network_and_systems_management3.0 – 3.0
• Broadcom / unicenter_network_and_systems_management3.1 – 3.1
• Broadcom / unicenter_network_and_systems_management11 – 11
• Broadcom / unicenter_network_and_systems_management11.1 – 11.1
• ca / etrust_secure_content_manager8.0 – 8.0
• ca / protection_suitesr2 – r2
• ca / protection_suitesr3 – r3

References

• MISChttp://www.securityfocus.com/bid/24330
• MISChttp://www.securityfocus.com/archive/1/470602/100/0/threaded
• MISChttp://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securitynotice.asp
• MISChttp://www.kb.cert.org/vuls/id/105105
• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2007/2072
• VENDOR_ADVISORYhttp://www.zerodayinitiative.com/advisories/ZDI-07-035.html
• MISChttp://www.securityfocus.com/archive/1/470754/100/0/threaded
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/34737
• MISChttp://www.securitytracker.com/id?1018199
• MISChttp://www.osvdb.org/35245
• VENDOR_ADVISORYhttp://secunia.com/advisories/25570