Vulnerability Name:

CVE-2005-1693 (CCN-20686)

Assigned:2005-05-23
Published:2005-05-23
Updated:2021-04-09
Summary:Integer overflow in Computer Associates Vet Antivirus library, as used by CA InoculateIT 6.0, eTrust Antivirus r6.0 through 7.1, eTrust Antivirus for the Gateway r7.0 and r7.1, eTrust Secure Content Manager, eTrust Intrusion Detection, BrightStor ARCserve Backup (BAB) r11.1, Vet Antivirus, Zonelabs ZoneAlarm Security Suite, and ZoneAlarm Antivirus, allows remote attackers to gain privileges via a compressed VBA directory with a project name length of -1, which leads to a heap-based buffer overflow.
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: CONFIRM
Type: Patch
http://crm.my-etrust.com/login.asp?username=guest&target=DOCUMENT&openparameter=1588

Source: MITRE
Type: CNA
CVE-2005-1693

Source: BUGTRAQ
Type: UNKNOWN
20050523 Computer Associates Vet Antivirus Library Remote Heap Overflow

Source: CCN
Type: BugTraq Mailing List, 2005-05-27 19:02:34
RE: CAID 32896 - Computer Associates Vet Antivirus engine heap overflow vulnerability

Source: CCN
Type: SA15470
CA Multiple Products Vet Antivirus Engine Buffer Overflow

Source: SECUNIA
Type: UNKNOWN
15470

Source: CCN
Type: SA15479
Zonelabs ZoneAlarm Vet Antivirus Engine Buffer Overflow

Source: SECUNIA
Type: UNKNOWN
15479

Source: CCN
Type: SECTRACK ID: 1014050
Computer Associates eTrust Antivirus Integer Overflow in Processing Microsoft OLE Data Lets Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: UNKNOWN
1014050

Source: CCN
Type: Vet Antivirus Web page
Vet Anti-Virus Online

Source: CCN
Type: OSVDB ID: 16780
CA Multiple Products Vet Engine OLE Stream Remote Overflow

Source: CCN
Type: OSVDB ID: 16800
ZoneAlarm Vet Anti-Virus Engine Remote Overflow

Source: CCN
Type: Remote.com Web site
Computer Associates Vet Antivirus Remote Heap Overflow Security Advisory

Source: MISC
Type: UNKNOWN
http://www.rem0te.com/public/images/vet.pdf

Source: BID
Type: Vendor Advisory
13710

Source: CCN
Type: BID-13710
Computer Associates Vet Library Remote Heap Overflow Vulnerability

Source: MISC
Type: Patch, Vendor Advisory
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=32896

Source: XF
Type: UNKNOWN
ca-vet-antivirus-bo(20686)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:broadcom:etrust_antivirus:7.1:*:*:*:*:*:*:*
  • OR cpe:/a:ca:etrust_antivirus:7.1:*:gateway:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_armor:2.4.4:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_armor_le:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:ca:etrust_secure_content_manager:1.0:sp1:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_secure_content_manager:1.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_antivirus:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_antivirus:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_armor:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_armor:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_intrusion_detection:1.4.5:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_intrusion_detection:1.5:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_intrusion_detection:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:zonelabs:zonealarm:*:*:*:*:*:*:*:*
  • OR cpe:/a:zonelabs:zonealarm_antivirus:*:*:*:*:*:*:*:*
  • OR cpe:/a:ca:brightstor_arcserve_backup:11.1:*:windows:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_antivirus_ee:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_antivirus_ee:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_armor_le:3.0.0.14:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_intrusion_detection:1.4.1.13:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:inoculateit:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:ca:vet_antivirus:10.66:*:*:*:*:*:*:*
  • OR cpe:/a:ca:etrust_antivirus:7.0:*:gateway:*:*:*:*:*
  • OR cpe:/a:ca:etrust_antivirus:7.0_sp2:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_armor:2.3:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_armor:2.4:*:*:*:*:*:*:*
  • OR cpe:/a:ca:etrust_intrusion_detection:3.0:sp1:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_secure_content_manager:1.0:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:broadcom:inoculateit:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_antivirus:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_antivirus:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_antivirus:7.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_armor:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_armor:2.3:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_armor:2.4:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_intrusion_detection:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_antivirus_gateway:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_antivirus_gateway:7.1:*:*:*:*:*:*:*
  • OR cpe:/a:checkpoint:zonealarm_security_suite:-:*:*:*:*:*:*:*
  • OR cpe:/a:zonelabs:zonealarm_antivirus:*:*:*:*:*:*:*:*
  • OR cpe:/a:ca:etrust_intrusion_detection:3.0:sp1:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_armor:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_armor:2.4.4:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_intrusion_detection:1.4.1.13:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_intrusion_detection:1.4.5:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_intrusion_detection:1.5:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_secure_content_manager:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_secure_content_manager:1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ca:vet_antivirus:10.66:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    BACK
    broadcom etrust antivirus 7.1
    ca etrust antivirus 7.1
    broadcom etrust ez armor 2.4.4
    broadcom etrust ez armor le 2.0
    ca etrust secure content manager 1.0 sp1
    broadcom etrust secure content manager 1.1
    broadcom etrust antivirus 6.0
    broadcom etrust antivirus 7.0
    broadcom etrust ez armor 1.0
    broadcom etrust ez armor 2.0
    broadcom etrust intrusion detection 1.4.5
    broadcom etrust intrusion detection 1.5
    broadcom etrust intrusion detection 3.0
    zonelabs zonealarm *
    zonelabs zonealarm antivirus *
    ca brightstor arcserve backup 11.1
    broadcom etrust antivirus ee 6.0
    broadcom etrust antivirus ee 7.0
    broadcom etrust ez armor le 3.0.0.14
    broadcom etrust intrusion detection 1.4.1.13
    broadcom inoculateit 6.0
    ca vet antivirus 10.66
    ca etrust antivirus 7.0
    ca etrust antivirus 7.0_sp2
    broadcom etrust ez armor 2.3
    broadcom etrust ez armor 2.4
    ca etrust intrusion detection 3.0 sp1
    broadcom etrust secure content manager 1.0
    ca inoculateit 6.0
    ca etrust antivirus 6.0
    ca etrust antivirus 7.0
    ca etrust antivirus 7.1
    ca etrust ez armor 2.0
    ca etrust ez armor 2.3
    ca etrust ez armor 2.4
    ca etrust intrusion detection 3.0
    ca etrust antivirus gateway 7.0
    ca etrust antivirus gateway 7.1
    checkpoint zonealarm security suite -
    zonelabs zonealarm antivirus *
    ca etrust intrusion detection 3.0 sp1
    ca etrust ez armor 1.0
    ca etrust ez armor 2.4.4
    ca etrust intrusion detection 1.4.1.13
    ca etrust intrusion detection 1.4.5
    ca etrust intrusion detection 1.5
    ca etrust secure content manager 1.0
    ca etrust secure content manager 1.1
    ca vet antivirus 10.66