Vulnerability in N/a
CVE-2007-2863
Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a long filename in a .CAB file.
EPSS: 0.522 (98.0th percentile) — read the EPSS interpretation.
Affected products
- N/a — versions n/a
References
- ca-multiple-antivirus-cab-bo(34741) (vdb-entry, x_refsource_XF)
- 2790 (x_refsource_SREASON, third-party-advisory)
- supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securitynotice.asp (x_refsource_CONFIRM)
- 20070605 ZDI-07-034: CA Multiple Product AV Engine CAB Filename Parsing Stack Overflow Vulnerability (mailing-list, x_refsource_BUGTRAQ)
- ADV-2007-2072 (vdb-entry, x_refsource_VUPEN)
- 24331 (vdb-entry, x_refsource_BID)
- 20070607 [CAID 35395, 35396]: CA Anti-Virus Engine CAB File Buffer Overflow Vulnerabilities (mailing-list, x_refsource_BUGTRAQ)
- 35244 (x_refsource_OSVDB, vdb-entry)
- 1018199 (vdb-entry, x_refsource_SECTRACK)
- www.zerodayinitiative.com/advisories/ZDI-07-034.html (x_refsource_MISC)