Vulnerability Name:

CVE-2007-2863 (CCN-34741)

Assigned: 2007-06-05
Published: 2007-06-05
Updated: 2021-04-08
Summary: Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a long filename in a .CAB file.
CVSS v3 Severity: 9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Changed
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity: 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
7.6 High (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C)
5.6 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References:
Source: CCN
Type: BugTraq Mailing List, Thu Jun 07 2007 - 10:43:02 CDT
[CAID 35395, 35396]: CA Anti-Virus Engine CAB File Buffer Overflow Vulnerabilities

Source: MITRE
Type: CNA
CVE-2007-2863

Source: CCN
Type: SA25570
CA Anti-Virus Engine CAB Archive Processing Buffer Overflows

Source: SECUNIA
Type: Patch, Vendor Advisory
25570

Source: SREASON
Type: UNKNOWN
2790

Source: CCN
Type: SECTRACK ID: 1018199
CA Antivirus Stack Overflows in Processing Filenames and the `coffFiles` Parameter in CAB Files Lets Remote Users Execute Arbitrary Code

Source: CCN
Type: CA SupportConnect June 5th, 2007
Security Notice for CA products implementing the Anti-Virus engine

Source: CONFIRM
Type: UNKNOWN
http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securitynotice.asp

Source: CCN
Type: US-CERT VU#739409
Computer Associates Anti-Virus engine fails to properly handle long file names in CAB archives

Source: CERT-VN
Type: US Government Resource
VU#739409

Source: OSVDB
Type: UNKNOWN
35244

Source: CCN
Type: OSVDB ID: 35244
CA Anti-Virus Engine CAB Archive Filename Parsing Overflow

Source: BUGTRAQ
Type: UNKNOWN
20070605 ZDI-07-034: CA Multiple Product AV Engine CAB Filename Parsing Stack Overflow Vulnerability

Source: BUGTRAQ
Type: UNKNOWN
20070607 [CAID 35395, 35396]: CA Anti-Virus Engine CAB File Buffer Overflow Vulnerabilities

Source: BID
Type: Patch
24331

Source: CCN
Type: BID-24331
Computer Associates Anti-Virus Engine Malformed CAB Filename Buffer Overflow Vulnerability

Source: SECTRACK
Type: UNKNOWN
1018199

Source: VUPEN
Type: UNKNOWN
ADV-2007-2072

Source: MISC
Type: UNKNOWN
http://www.zerodayinitiative.com/advisories/ZDI-07-034.html

Source: XF
Type: UNKNOWN
ca-multiple-antivirus-cab-bo(34741)

Source: CCN
Type: ZDI-07-034
CA Multiple Product AV Engine CAB Filename Parsing Stack Overflow Vulnerability

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:broadcom:anti-virus_for_the_enterprise:8:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:common_services:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:common_services:1.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:brightstor_arcserve_backup:9.01:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:brightstor_enterprise_backup:10.5:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:brightstor_arcserve_backup:11.5:*:*:*:*:*:*:*
  • OR cpe:/a:ca:brightstor_arcserve_backup:11:*:windows:*:*:*:*:*
  • OR cpe:/a:broadcom:common_services:2.2:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:common_services:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:ca:anti-virus_for_the_enterprise:8:*:enterprise:*:*:*:*:*
  • OR cpe:/a:broadcom:brightstor_arcserve_backup:11.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:common_services:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:common_services:2.1:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:broadcom:etrust_ez_armor:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_antivirus:6.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_antivirus:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:ca:brightstor_arcserve_backup:11.0:*:windows:*:*:*:*:*
  • OR cpe:/a:broadcom:brightstor_enterprise_backup:10.5:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_antivirus_gateway:7.1:*:*:*:*:*:*:*
  • OR cpe:/a:ca:unicenter_nsm:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:ca:unicenter_nsm:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:brightstor_arcserve_backup:11.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:brightstor_arcserve_backup:11.5:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:brightstor_arcserve_backup:9.01:*:*:*:*:*:*:*
  • OR cpe:/a:ca:internet_security_suite_2007:3:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:anti-virus_for_the_enterprise:8:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_antivirus:8:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:anti-virus_for_the_enterprise:8.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_internet_security_suite:1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_internet_security_suite:2:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_armor:1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_armor:3:*:*:*:*:*:*:*
  • OR cpe:/a:ca:threat_manager:8:*:enterprise:*:*:*:*:*
  • OR cpe:/a:ca:protection_suites:2:*:*:*:*:*:*:*
  • OR cpe:/a:ca:protection_suites:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:secure_content_manager:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_antivirus:8.1:*:*:*:*:*:*:*
  • OR cpe:/a:ca:anti-virus_gateway:7.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:common_services:-:*:*:*:*:*:*:*
  • OR cpe:/a:ca:antivirus_sdk:*:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_integrated_threat_management:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:ca:etrust_secure_content_manager:8.0:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    broadcom anti-virus for the enterprise 8
    broadcom common services 1.0
    broadcom common services 1.1
    broadcom brightstor arcserve backup 9.01
    broadcom brightstor enterprise backup 10.5
    broadcom brightstor arcserve backup 11.5
    ca brightstor arcserve backup 11
    broadcom common services 2.2
    broadcom common services 3.0
    ca anti-virus for the enterprise 8
    broadcom brightstor arcserve backup 11.1
    broadcom common services 2.0
    broadcom common services 2.1
    ca etrust ez armor 2.0
    ca etrust ez antivirus 6.1
    ca etrust ez antivirus 7.0
    ca brightstor arcserve backup 11.0
    ca brightstor enterprise backup 10.5
    ca etrust antivirus gateway 7.1
    ca unicenter nsm 3.0
    ca unicenter nsm 3.1
    ca brightstor arcserve backup 11.1
    ca brightstor arcserve backup 11.5
    ca brightstor arcserve backup 9.01
    ca internet security suite 2007 3
    ca anti-virus for the enterprise 8
    ca etrust antivirus 8
    ca anti-virus for the enterprise 8.1
    ca etrust internet security suite 1
    ca etrust internet security suite 2
    ca etrust ez armor 1
    ca etrust ez armor 3
    ca threat manager 8
    ca protection suites 2
    ca protection suites 3.0
    ca secure content manager 8.0
    ca etrust antivirus 8.1
    ca anti-virus gateway 7.1
    ca common services -
    ca antivirus sdk *
    ca etrust integrated threat management 8.0
    ca etrust secure content manager 8.0