What is CVE-2007-2864?

CVE-2007-2864 is a vulnerability in N/a. Published 2007-06-06.

Is CVE-2007-2864 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2007-2864

Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a large invalid value of the coffFiles field in a…

EPSS: 0.806 (99.2th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

rapid7/metasploit-framework

References

24330 (vdb-entry, x_refsource_BID)
20070605 ZDI-07-035: CA Multiple Product AV Engine CAB Header Parsing Stack Overflow Vulnerability (mailing-list, x_refsource_BUGTRAQ)
supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securitynotice.asp (x_refsource_CONFIRM)
VU#105105 (x_refsource_CERT-VN, third-party-advisory)
ADV-2007-2072 (vdb-entry, x_refsource_VUPEN)
www.zerodayinitiative.com/advisories/ZDI-07-035.html (x_refsource_MISC)
20070607 [CAID 35395, 35396]: CA Anti-Virus Engine CAB File Buffer Overflow Vulnerabilities (mailing-list, x_refsource_BUGTRAQ)
ca-multiple-antivirus-cofffiles-bo(34737) (vdb-entry, x_refsource_XF)
1018199 (vdb-entry, x_refsource_SECTRACK)
35245 (x_refsource_OSVDB, vdb-entry)

Frequently asked questions

What is CVE-2007-2864?: CVE-2007-2864 is a vulnerability in N/a. Published 2007-06-06.
Is CVE-2007-2864 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.