Vulnerability Name: CVE-2007-2864 (CCN-34737)

Assigned: 2007-06-05
Published: 2007-06-05
Updated: 2021-04-14
Summary: Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a large invalid value of the coffFiles field in a .CAB file.
CVSS v3 Severity: 9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Changed
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity: 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
7.7 High (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
7.6 High (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C)
6.3 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References:
Source: CCN
Type: BugTraq Mailing List, Thu Jun 07 2007 - 10:43:02 CDT
[CAID 35395, 35396]: CA Anti-Virus Engine CAB File Buffer Overflow Vulnerabilities

Source: MITRE
Type: CNA
CVE-2007-2864

Source: CCN
Type: SA25570
CA Anti-Virus Engine CAB Archive Processing Buffer Overflows

Source: SECUNIA
Type: Patch, Vendor Advisory
25570

Source: CCN
Type: SECTRACK ID: 1018199
CA Antivirus Stack Overflows in Processing Filenames and the `coffFiles` Parameter in CAB Files Lets Remote Users Execute Arbitrary Code

Source: CCN
Type: CA SupportConnect June 5th, 2007
Security Notice for CA products implementing the Anti-Virus engine

Source: CONFIRM
Type: UNKNOWN
http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securitynotice.asp

Source: CCN
Type: US-CERT VU#105105
Computer Associates Anti-Virus engine fails to properly handle malformed CAB archives

Source: CERT-VN
Type: US Government Resource
VU#105105

Source: OSVDB
Type: UNKNOWN
35245

Source: CCN
Type: OSVDB ID: 35244
CA Anti-Virus Engine CAB Archive Filename Parsing Overflow

Source: CCN
Type: OSVDB ID: 35245
CA Anti-Virus Engine CAB Header Parsing Overflow

Source: BUGTRAQ
Type: UNKNOWN
20070605 ZDI-07-035: CA Multiple Product AV Engine CAB Header Parsing Stack Overflow Vulnerability

Source: BUGTRAQ
Type: UNKNOWN
20070607 [CAID 35395, 35396]: CA Anti-Virus Engine CAB File Buffer Overflow Vulnerabilities

Source: BID
Type: Patch
24330

Source: CCN
Type: BID-24330
Computer Associates Multiple Products Remote Stack Buffer Overflow Vulnerability

Source: SECTRACK
Type: UNKNOWN
1018199

Source: VUPEN
Type: UNKNOWN
ADV-2007-2072

Source: MISC
Type: UNKNOWN
http://www.zerodayinitiative.com/advisories/ZDI-07-035.html

Source: XF
Type: UNKNOWN
ca-multiple-antivirus-cofffiles-bo(34737)

Source: CCN
Type: Rapid7 Vulnerability and Exploit Database [06-05-2007]
CA Antivirus Engine CAB Buffer Overflow

Source: CCN
Type: ZDI-07-035
CA Multiple Product AV Engine CAB Header Parsing Stack Overflow Vulnerability

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:broadcom:anti-virus_for_the_enterprise:8:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:brightstor_arcserve_backup:9.01:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:brightstor_arcserve_backup:10.5:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:brightstor_arcserve_backup:11:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:brightstor_arcserve_backup:11.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:brightstor_arcserve_backup:11.5:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:common_services:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:common_services:1.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:common_services:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:common_services:2.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:common_services:2.2:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:common_services:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_antivirus:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_antivirus:8.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_antivirus_gateway:7.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_antivirus_sdk:*:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_antivirus:6.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_antivirus:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_armor:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_armor:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_armor:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_armor:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:integrated_threat_management:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:internet_security_suite:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:internet_security_suite:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:internet_security_suite:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:unicenter_network_and_systems_management:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:unicenter_network_and_systems_management:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:unicenter_network_and_systems_management:11:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:unicenter_network_and_systems_management:11.1:*:*:*:*:*:*:*
  • OR cpe:/a:ca:etrust_secure_content_manager:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:ca:protection_suites:r2:*:*:*:*:*:*:*
  • OR cpe:/a:ca:protection_suites:r3:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:broadcom:etrust_ez_armor:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_antivirus:6.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_antivirus:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:ca:brightstor_arcserve_backup:11:*:windows:*:*:*:*:*
  • OR cpe:/a:broadcom:brightstor_enterprise_backup:10.5:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_antivirus_gateway:7.1:*:*:*:*:*:*:*
  • OR cpe:/a:ca:unicenter_nsm:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:ca:unicenter_nsm:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:brightstor_arcserve_backup:11.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:brightstor_arcserve_backup:11.5:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:brightstor_arcserve_backup:9.01:*:*:*:*:*:*:*
  • OR cpe:/a:ca:internet_security_suite_2007:3:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:anti-virus_for_the_enterprise:8:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_antivirus:8:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:anti-virus_for_the_enterprise:8.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_internet_security_suite:1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_internet_security_suite:2:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_armor:1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_armor:3:*:*:*:*:*:*:*
  • OR cpe:/a:ca:threat_manager:8::enterprise:*:*:*:*:*
  • OR cpe:/a:ca:protection_suites:2:*:*:*:*:*:*:*
  • OR cpe:/a:ca:protection_suites:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:secure_content_manager:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_antivirus:8.1:*:*:*:*:*:*:*
  • OR cpe:/a:ca:anti-virus_gateway:7.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:common_services:-:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:antivirus_sdk:-:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_integrated_threat_management:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:ca:etrust_secure_content_manager:8.0:*:*:*:*:*:*:*

* Denotes that component is vulnerable
    broadcom anti-virus for the enterprise 8
    broadcom brightstor arcserve backup 9.01
    broadcom brightstor arcserve backup 10.5
    broadcom brightstor arcserve backup 11
    broadcom brightstor arcserve backup 11.1
    broadcom brightstor arcserve backup 11.5
    broadcom common services 1.0
    broadcom common services 1.1
    broadcom common services 2.0
    broadcom common services 2.1
    broadcom common services 2.2
    broadcom common services 3.0
    broadcom etrust antivirus 8.0
    broadcom etrust antivirus 8.1
    broadcom etrust antivirus gateway 7.1
    broadcom etrust antivirus sdk *
    broadcom etrust ez antivirus 6.1
    broadcom etrust ez antivirus 7.0
    broadcom etrust ez armor 1.0
    broadcom etrust ez armor 2.0
    broadcom etrust ez armor 3.0
    broadcom etrust ez armor 3.1
    broadcom integrated threat management 8.0
    broadcom internet security suite 1.0
    broadcom internet security suite 2.0
    broadcom internet security suite 3.0
    broadcom unicenter network and systems management 3.0
    broadcom unicenter network and systems management 3.1
    broadcom unicenter network and systems management 11
    broadcom unicenter network and systems management 11.1
    ca etrust secure content manager 8.0
    ca protection suites r2
    ca protection suites r3
    broadcom etrust ez armor 2.0
    broadcom etrust ez antivirus 6.1
    broadcom etrust ez antivirus 7.0
    ca brightstor arcserve backup 11
    broadcom brightstor enterprise backup 10.5
    broadcom etrust antivirus gateway 7.1
    ca unicenter nsm 3.0
    ca unicenter nsm 3.1
    broadcom brightstor arcserve backup 11.1
    broadcom brightstor arcserve backup 11.5
    broadcom brightstor arcserve backup 9.01
    ca internet security suite 2007 3
    broadcom anti-virus for the enterprise 8
    broadcom etrust antivirus 8
    broadcom anti-virus for the enterprise 8.1
    broadcom etrust internet security suite 1
    broadcom etrust internet security suite 2
    broadcom etrust ez armor 1
    broadcom etrust ez armor 3
    ca threat manager 8
    ca protection suites 2
    ca protection suites 3.0
    broadcom secure content manager 8.0
    broadcom etrust antivirus 8.1
    ca anti-virus gateway 7.1
    broadcom common services -
    ca antivirus sdk -
    broadcom etrust integrated threat management 8.0
    ca etrust secure content manager 8.0