cvelistv5 - CVE-2007-2864

CVE-2007-2864

Vulnerability from cvelistv5

Published

2007-06-06 21:00

Modified

2024-08-07 13:57

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/25570	Patch, Vendor Advisory
cve@mitre.org	http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securitynotice.asp
cve@mitre.org	http://www.kb.cert.org/vuls/id/105105	US Government Resource
cve@mitre.org	http://www.osvdb.org/35245
cve@mitre.org	http://www.securityfocus.com/archive/1/470602/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/470754/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/24330	Patch
cve@mitre.org	http://www.securitytracker.com/id?1018199
cve@mitre.org	http://www.vupen.com/english/advisories/2007/2072
cve@mitre.org	http://www.zerodayinitiative.com/advisories/ZDI-07-035.html
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/34737
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/25570	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securitynotice.asp
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/105105	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/35245
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/470602/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/470754/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/24330	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1018199
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/2072
af854a3a-2127-422b-91ae-364da2661108	http://www.zerodayinitiative.com/advisories/ZDI-07-035.html
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/34737

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T13:57:54.318Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "24330",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/24330"
          },
          {
            "name": "20070605 ZDI-07-035: CA Multiple Product AV Engine CAB Header Parsing Stack Overflow Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/470602/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securitynotice.asp"
          },
          {
            "name": "VU#105105",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/105105"
          },
          {
            "name": "ADV-2007-2072",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2072"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-035.html"
          },
          {
            "name": "20070607 [CAID 35395, 35396]: CA Anti-Virus Engine CAB File Buffer Overflow Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/470754/100/0/threaded"
          },
          {
            "name": "ca-multiple-antivirus-cofffiles-bo(34737)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34737"
          },
          {
            "name": "1018199",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1018199"
          },
          {
            "name": "35245",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/35245"
          },
          {
            "name": "25570",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25570"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-06-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a large invalid value of the coffFiles field in a .CAB file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "24330",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/24330"
        },
        {
          "name": "20070605 ZDI-07-035: CA Multiple Product AV Engine CAB Header Parsing Stack Overflow Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/470602/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securitynotice.asp"
        },
        {
          "name": "VU#105105",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/105105"
        },
        {
          "name": "ADV-2007-2072",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2072"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-035.html"
        },
        {
          "name": "20070607 [CAID 35395, 35396]: CA Anti-Virus Engine CAB File Buffer Overflow Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/470754/100/0/threaded"
        },
        {
          "name": "ca-multiple-antivirus-cofffiles-bo(34737)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34737"
        },
        {
          "name": "1018199",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1018199"
        },
        {
          "name": "35245",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/35245"
        },
        {
          "name": "25570",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25570"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-2864",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a large invalid value of the coffFiles field in a .CAB file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "24330",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/24330"
            },
            {
              "name": "20070605 ZDI-07-035: CA Multiple Product AV Engine CAB Header Parsing Stack Overflow Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/470602/100/0/threaded"
            },
            {
              "name": "http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securitynotice.asp",
              "refsource": "CONFIRM",
              "url": "http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securitynotice.asp"
            },
            {
              "name": "VU#105105",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/105105"
            },
            {
              "name": "ADV-2007-2072",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2072"
            },
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-07-035.html",
              "refsource": "MISC",
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-035.html"
            },
            {
              "name": "20070607 [CAID 35395, 35396]: CA Anti-Virus Engine CAB File Buffer Overflow Vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/470754/100/0/threaded"
            },
            {
              "name": "ca-multiple-antivirus-cofffiles-bo(34737)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34737"
            },
            {
              "name": "1018199",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1018199"
            },
            {
              "name": "35245",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/35245"
            },
            {
              "name": "25570",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25570"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-2864",
    "datePublished": "2007-06-06T21:00:00",
    "dateReserved": "2007-05-24T00:00:00",
    "dateUpdated": "2024-08-07T13:57:54.318Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:broadcom:anti-virus_for_the_enterprise:8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F6B76576-ABB1-439E-80B0-0B5AAE14BA45\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:broadcom:brightstor_arcserve_backup:9.01:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F52790F8-0D23-47F4-B7F7-6CB0F7B6EA14\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:broadcom:brightstor_arcserve_backup:10.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"443AB333-2C99-42FF-8F4E-A487BF588E85\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:broadcom:brightstor_arcserve_backup:11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8C339825-77F9-478A-B1F7-A297D5715396\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E37161BE-6AF5-40E0-BD63-2C17431D8B36\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"477EE032-D183-478F-A2BF-6165277A7414\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:broadcom:common_services:1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3A0DD264-59A8-4B76-8D7F-138AEA7B1912\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:broadcom:common_services:1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"062DB370-929D-4FE1-A925-2FB5706C9409\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:broadcom:common_services:2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0D7957A4-D763-488F-B2B1-E00F428AD1AC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:broadcom:common_services:2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6F5A6578-902D-4D9F-AB19-C6484E878CEB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:broadcom:common_services:2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E2E79928-E5E2-42E5-9E09-58ADF9E76A74\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:broadcom:common_services:3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D7587982-C722-4754-8744-8C7D43E191B9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:broadcom:etrust_antivirus:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"71D3160D-539D-4E26-8B0B-C372315EE700\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:broadcom:etrust_antivirus:8.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"52C533CA-ACB7-4C0F-98E2-B5E51E24A554\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:broadcom:etrust_antivirus_gateway:7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7DD2FE1C-8894-41EC-B686-932F0ACC41C6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:broadcom:etrust_antivirus_sdk:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F4996345-E5B0-42E2-8592-41B9BC805740\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:broadcom:etrust_ez_antivirus:6.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B7D938FC-E8E6-4709-BF6D-EF4833AF7D7A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:broadcom:etrust_ez_antivirus:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"538F7CEC-D8A8-444F-9A9C-D1FF01EA7450\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:broadcom:etrust_ez_armor:1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"714BCFBA-B843-4C14-AA78-F7CF17899D28\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:broadcom:etrust_ez_armor:2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C61D9546-7619-465B-B3CA-C60218CD574B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:broadcom:etrust_ez_armor:3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"59035C39-14BA-4874-8874-75AA52D9AA38\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:broadcom:etrust_ez_armor:3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4292DD3A-6B79-43E0-8D2F-267375A3CBF4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:broadcom:integrated_threat_management:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C167CC34-95AE-45CD-A1CE-64FF738DE25E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:broadcom:internet_security_suite:1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"74F3CAC8-447B-467B-87C1-DD565B41515A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:broadcom:internet_security_suite:2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B61BE84B-3BDA-489E-94E8-187A1B0F9281\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:broadcom:internet_security_suite:3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"285013A5-E058-4B2B-B8B6-1BFF72388589\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:broadcom:unicenter_network_and_systems_management:3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CE9C8A1C-0A55-4CA5-9BB6-2D03EFCFE699\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:broadcom:unicenter_network_and_systems_management:3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2EFA39E3-A614-4A64-B29C-86D6F12F1557\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:broadcom:unicenter_network_and_systems_management:11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5B4434A4-EE82-46A1-9293-345991515369\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:broadcom:unicenter_network_and_systems_management:11.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"43CD3B48-C978-4FDB-B157-85F3E971446B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ca:etrust_secure_content_manager:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5DB54A16-5E56-46FC-A49C-56C98C0B8F1A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ca:protection_suites:r2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"47C10BA4-B241-4F65-8FA1-AD88266C03B0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ca:protection_suites:r3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"253A8082-9AE4-4049-A1D0-B7ACB5C2E8D3\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a large invalid value of the coffFiles field in a .CAB file.\"}, {\"lang\": \"es\", \"value\": \"Desbordamiento de b\\u00fafer basado en pila en el motor antivirus anterior a la actualizaci\\u00f3n de contenido 30.6 de m\\u00faltiples productos CA (antiguamente Computer Associates) permite a atacantes remotos ejecutar c\\u00f3digo de su elecci\\u00f3n  mediante un valor largo no v\\u00e1lido del campo coffFiles en un fichero .CAB.\"}]",
      "id": "CVE-2007-2864",
      "lastModified": "2024-11-21T00:31:50.643",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": true, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2007-06-06T21:30:00.000",
      "references": "[{\"url\": \"http://secunia.com/advisories/25570\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securitynotice.asp\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/105105\", \"source\": \"cve@mitre.org\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.osvdb.org/35245\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/470602/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/470754/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/24330\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.securitytracker.com/id?1018199\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/2072\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.zerodayinitiative.com/advisories/ZDI-07-035.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/34737\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/25570\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securitynotice.asp\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/105105\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.osvdb.org/35245\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/470602/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/470754/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/24330\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.securitytracker.com/id?1018199\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/2072\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.zerodayinitiative.com/advisories/ZDI-07-035.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/34737\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-2864\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-06-06T21:30:00.000\",\"lastModified\":\"2024-11-21T00:31:50.643\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a large invalid value of the coffFiles field in a .CAB file.\"},{\"lang\":\"es\",\"value\":\"Desbordamiento de b\u00fafer basado en pila en el motor antivirus anterior a la actualizaci\u00f3n de contenido 30.6 de m\u00faltiples productos CA (antiguamente Computer Associates) permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n  mediante un valor largo no v\u00e1lido del campo coffFiles en un fichero .CAB.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:anti-virus_for_the_enterprise:8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6B76576-ABB1-439E-80B0-0B5AAE14BA45\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:brightstor_arcserve_backup:9.01:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F52790F8-0D23-47F4-B7F7-6CB0F7B6EA14\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:brightstor_arcserve_backup:10.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"443AB333-2C99-42FF-8F4E-A487BF588E85\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:brightstor_arcserve_backup:11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C339825-77F9-478A-B1F7-A297D5715396\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E37161BE-6AF5-40E0-BD63-2C17431D8B36\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"477EE032-D183-478F-A2BF-6165277A7414\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:common_services:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A0DD264-59A8-4B76-8D7F-138AEA7B1912\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:common_services:1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"062DB370-929D-4FE1-A925-2FB5706C9409\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:common_services:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D7957A4-D763-488F-B2B1-E00F428AD1AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:common_services:2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F5A6578-902D-4D9F-AB19-C6484E878CEB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:common_services:2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E2E79928-E5E2-42E5-9E09-58ADF9E76A74\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:common_services:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D7587982-C722-4754-8744-8C7D43E191B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:etrust_antivirus:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"71D3160D-539D-4E26-8B0B-C372315EE700\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:etrust_antivirus:8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"52C533CA-ACB7-4C0F-98E2-B5E51E24A554\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:etrust_antivirus_gateway:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7DD2FE1C-8894-41EC-B686-932F0ACC41C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:etrust_antivirus_sdk:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4996345-E5B0-42E2-8592-41B9BC805740\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:etrust_ez_antivirus:6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B7D938FC-E8E6-4709-BF6D-EF4833AF7D7A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:etrust_ez_antivirus:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"538F7CEC-D8A8-444F-9A9C-D1FF01EA7450\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:etrust_ez_armor:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"714BCFBA-B843-4C14-AA78-F7CF17899D28\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:etrust_ez_armor:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C61D9546-7619-465B-B3CA-C60218CD574B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:etrust_ez_armor:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"59035C39-14BA-4874-8874-75AA52D9AA38\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:etrust_ez_armor:3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4292DD3A-6B79-43E0-8D2F-267375A3CBF4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:integrated_threat_management:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C167CC34-95AE-45CD-A1CE-64FF738DE25E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:internet_security_suite:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"74F3CAC8-447B-467B-87C1-DD565B41515A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:internet_security_suite:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B61BE84B-3BDA-489E-94E8-187A1B0F9281\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:internet_security_suite:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"285013A5-E058-4B2B-B8B6-1BFF72388589\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:unicenter_network_and_systems_management:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE9C8A1C-0A55-4CA5-9BB6-2D03EFCFE699\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:unicenter_network_and_systems_management:3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2EFA39E3-A614-4A64-B29C-86D6F12F1557\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:unicenter_network_and_systems_management:11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B4434A4-EE82-46A1-9293-345991515369\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:unicenter_network_and_systems_management:11.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"43CD3B48-C978-4FDB-B157-85F3E971446B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ca:etrust_secure_content_manager:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5DB54A16-5E56-46FC-A49C-56C98C0B8F1A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ca:protection_suites:r2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"47C10BA4-B241-4F65-8FA1-AD88266C03B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ca:protection_suites:r3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"253A8082-9AE4-4049-A1D0-B7ACB5C2E8D3\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/25570\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securitynotice.asp\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.kb.cert.org/vuls/id/105105\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.osvdb.org/35245\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/470602/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/470754/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/24330\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securitytracker.com/id?1018199\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/2072\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.zerodayinitiative.com/advisories/ZDI-07-035.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/34737\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/25570\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securitynotice.asp\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.kb.cert.org/vuls/id/105105\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.osvdb.org/35245\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/470602/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/470754/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/24330\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securitytracker.com/id?1018199\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/2072\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.zerodayinitiative.com/advisories/ZDI-07-035.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/34737\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a large invalid value of the coffFiles field in a .CAB file. There are several affected products. Large values result in an unbounded data copy operation which can result in an exploitable stack-based buffer overflow. Computer Associates is the world's leading security vendor, products include a variety of anti-virus software and backup recovery systems. CA has issued an update to address the vulnerabilities. The first vulnerability, CVE-2007-2863, is due to insufficient bounds checking on filenames contained in a CAB archive. The second vulnerability, CVE-2007-2863, is due to insufficient bounds checking on the "coffFiles" field. By using a specially malformed CAB file, an attacker can cause a crash or take unauthorized action on an affected system.

Mitigating Factors: None

Severity: CA has given these vulnerabilities a High risk rating.

Affected Products: CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) r8, r8.1 CA Anti-Virus 2007 (v8) eTrust EZ Antivirus r7, r6.1 CA Internet Security Suite 2007 (v3) eTrust Internet Security Suite r1, r2 eTrust EZ Armor r1, r2, r3.x CA Threat Manager for the Enterprise (formerly eTrust Integrated Threat Management) r8 CA Protection Suites r2, r3 CA Secure Content Manager (formerly eTrust Secure Content Manager) 8.0 CA Anti-Virus Gateway (formerly eTrust Antivirus eTrust Antivirus Gateway) 7.1 Unicenter Network and Systems Management (NSM) r3.0 Unicenter Network and Systems Management (NSM) r3.1 Unicenter Network and Systems Management (NSM) r11 Unicenter Network and Systems Management (NSM) r11.1 BrightStor ARCserve Backup r11.5 BrightStor ARCserve Backup r11.1 BrightStor ARCserve Backup r11 for Windows BrightStor Enterprise Backup r10.5 BrightStor ARCserve Backup v9.01 CA Common Services CA Anti-Virus SDK (formerly eTrust Anti-Virus SDK)

Affected Platforms: All

Status and Recommendation: CA has issued content update 30.6 to address the vulnerabilities. The updated engine is provided with content updates. Ensure the latest content update is installed if the signature version is less than version 30.6.

For BrightStor ARCserve Backup:

To update the signatures one time only, open a command window, change into the "C:\Program Files\CA\SharedComponents\ScanEngine" directory, and enter the following command:

inodist /cfg inodist.ini

To update on a regular schedule:
Submit a GenericJob using the ARCserve Job Scheduler. Please search the BrightStor Administrator's Guide for 'Antivirus Maintenance' and follow the directions.

Use the above command line instruction with the AT Scheduler.

Workaround: None

References (URLs may wrap): CA SupportConnect: http://supportconnect.ca.com/ CA SupportConnect Security Notice for this vulnerability: Security Notice for CA products implementing the Anti-Virus engine http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securit ynotice.asp CA Security Advisor posting: CA Anti-Virus Engine CAB File Buffer Overflow Vulnerabilities http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=144680 CAID: 35395, 35396 http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35395 http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35396 Reported By: ZDI ZDI Advisory: ZDI-07-034, ZDI-07-035 http://www.zerodayinitiative.com/advisories/ZDI-07-034.html http://www.zerodayinitiative.com/advisories/ZDI-07-035.html CVE References: CVE-2007-2863, CVE-2007-2864 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2863 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2864 OSVDB References: OSVDB-35244, OSVDB-35245 http://osvdb.org/35244 http://osvdb.org/35245

Changelog for this advisory: v1.0 - Initial Release

Customers who require additional information should contact CA Technical Support at http://supportconnect.ca.com.

For technical questions or comments related to this advisory, please send email to vuln AT ca DOT com.

If you discover a vulnerability in CA products, please report your findings to vuln AT ca DOT com, or utilize our "Submit a Vulnerability" form. URL: http://www.ca.com/us/securityadvisor/vulninfo/submit.aspx

Regards, Ken Williams ; 0xE2941985 Director, CA Vulnerability Research

CA, 1 CA Plaza, Islandia, NY 11749

-----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.3 (Build 5003)

wj8DBQFGaCc7eSWR3+KUGYURAnegAKCFM9tJ6RgdwIAc9JRfOcx807pEHwCdHofV s2hnGDiljhAMZquR9D1uya8= =PQi4 -----END PGP SIGNATURE----- . More details can be found at:

http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securitynotice.asp

-- Disclosure Timeline: 2007.02.16 - Vulnerability reported to vendor 2007.06.05 - Coordinated public release of advisory

-- Credit: This vulnerability was discovered by an anonymous researcher.

-- About the Zero Day Initiative (ZDI): Established by TippingPoint, a division of 3Com, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities.

Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at:

http://www.zerodayinitiative.com

The ZDI is unique in how the acquired vulnerability information is used. 3Com does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, 3Com provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, 3Com provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product.

CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is being sent by 3Com for the sole use of the intended recipient(s) and may contain confidential, proprietary and/or privileged information. Any unauthorized review, use, disclosure and/or distribution by any recipient is prohibited. If you are not the intended recipient, please delete and/or destroy all copies of this message regardless of form and any included attachments and notify 3Com immediately by contacting the sender via reply e-mail or forwarding to 3Com at postmaster@3com.com

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200706-0018",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "computer associates",
        "version": null
      },
      {
        "model": "protection suites",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ca",
        "version": "r3"
      },
      {
        "model": "protection suites",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ca",
        "version": "r2"
      },
      {
        "model": "etrust antivirus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "8.0"
      },
      {
        "model": "brightstor arcserve backup",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "9.01"
      },
      {
        "model": "etrust antivirus sdk",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "*"
      },
      {
        "model": "unicenter network and systems management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "11.1"
      },
      {
        "model": "etrust secure content manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ca",
        "version": "8.0"
      },
      {
        "model": "common services",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "1.1"
      },
      {
        "model": "etrust antivirus gateway",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "7.1"
      },
      {
        "model": "etrust ez armor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "1.0"
      },
      {
        "model": "internet security suite",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "3.0"
      },
      {
        "model": "etrust ez armor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "2.0"
      },
      {
        "model": "etrust ez antivirus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "7.0"
      },
      {
        "model": "common services",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "1.0"
      },
      {
        "model": "common services",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "2.0"
      },
      {
        "model": "common services",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "2.2"
      },
      {
        "model": "anti-virus for the enterprise",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "8"
      },
      {
        "model": "internet security suite",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "2.0"
      },
      {
        "model": "brightstor arcserve backup",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "10.5"
      },
      {
        "model": "etrust ez antivirus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "6.1"
      },
      {
        "model": "brightstor arcserve backup",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "11"
      },
      {
        "model": "unicenter network and systems management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "3.0"
      },
      {
        "model": "integrated threat management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "8.0"
      },
      {
        "model": "brightstor arcserve backup",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "11.5"
      },
      {
        "model": "internet security suite",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "1.0"
      },
      {
        "model": "etrust antivirus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "8.1"
      },
      {
        "model": "etrust ez armor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "3.0"
      },
      {
        "model": "unicenter network and systems management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "11"
      },
      {
        "model": "common services",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "3.0"
      },
      {
        "model": "etrust ez armor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "3.1"
      },
      {
        "model": "brightstor arcserve backup",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "11.1"
      },
      {
        "model": "unicenter network and systems management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "3.1"
      },
      {
        "model": "common services",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "2.1"
      },
      {
        "model": "vpn-1 power/utm",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "check point",
        "version": "(pro/express) ngx r60a"
      },
      {
        "model": "vpn-1 power/utm",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "check point",
        "version": "(pro/express) ngx r61"
      },
      {
        "model": "vpn-1 power/utm",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "check point",
        "version": "(pro/express) ngx r62"
      },
      {
        "model": "vpn-1 power/utm",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "check point",
        "version": "(pro/express) ngx r65"
      },
      {
        "model": "etrust antivirus",
        "scope": null,
        "trust": 0.7,
        "vendor": "computer associates",
        "version": null
      },
      {
        "model": "common services",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ca",
        "version": "1.0"
      },
      {
        "model": "unicenter network and systems management",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ca",
        "version": "3.1"
      },
      {
        "model": "internet security suite",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ca",
        "version": "3.0"
      },
      {
        "model": "unicenter network and systems management",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ca",
        "version": "3.0"
      },
      {
        "model": "unicenter network and systems management",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ca",
        "version": "11.1"
      },
      {
        "model": "integrated threat management",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ca",
        "version": "8.0"
      },
      {
        "model": "internet security suite",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ca",
        "version": "2.0"
      },
      {
        "model": "internet security suite",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ca",
        "version": "1.0"
      },
      {
        "model": "associates unicenter network and systems management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "3.1"
      },
      {
        "model": "associates unicenter network and systems management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "3.0"
      },
      {
        "model": "associates unicenter network and systems management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "model": "associates unicenter network and systems management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11"
      },
      {
        "model": "associates protection suites r2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "0"
      },
      {
        "model": "associates protection suites r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "computer",
        "version": null
      },
      {
        "model": "associates internet security suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "20073.0"
      },
      {
        "model": "associates internet security suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "2.0"
      },
      {
        "model": "associates internet security suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "1.0"
      },
      {
        "model": "associates integrated threat management r8",
        "scope": null,
        "trust": 0.3,
        "vendor": "computer",
        "version": null
      },
      {
        "model": "associates etrust secure content manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8.0"
      },
      {
        "model": "associates etrust ez armor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "3.1"
      },
      {
        "model": "associates etrust ez armor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "3.0"
      },
      {
        "model": "associates etrust ez armor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "2.0"
      },
      {
        "model": "associates etrust ez armor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "1.0"
      },
      {
        "model": "associates etrust ez antivirus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "7.0"
      },
      {
        "model": "associates etrust ez antivirus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "6.1"
      },
      {
        "model": "associates etrust antivirus for the gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "7.1"
      },
      {
        "model": "associates etrust antivirus r8.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "computer",
        "version": null
      },
      {
        "model": "associates etrust antivirus r8",
        "scope": null,
        "trust": 0.3,
        "vendor": "computer",
        "version": null
      },
      {
        "model": "associates common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "3.0"
      },
      {
        "model": "associates common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "2.2"
      },
      {
        "model": "associates common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "2.1"
      },
      {
        "model": "associates common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "2.0"
      },
      {
        "model": "associates common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "1.1"
      },
      {
        "model": "associates common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "1.0"
      },
      {
        "model": "associates brightstor arcserve backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.5"
      },
      {
        "model": "associates brightstor arcserve backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "model": "associates brightstor arcserve backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "9.01"
      },
      {
        "model": "associates brightstor arcserve backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11"
      },
      {
        "model": "associates brightstor arcserve backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "10.5"
      },
      {
        "model": "associates anti-virus sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "0"
      },
      {
        "model": "associates anti-virus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "20078"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#739409"
      },
      {
        "db": "CERT/CC",
        "id": "VU#105105"
      },
      {
        "db": "ZDI",
        "id": "ZDI-07-035"
      },
      {
        "db": "BID",
        "id": "24330"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001196"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2864"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200706-098"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:10.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:common_services:2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:common_services:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:etrust_ez_armor:1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:etrust_ez_armor:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:internet_security_suite:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ca:protection_suites:r2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ca:protection_suites:r3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:anti-virus_for_the_enterprise:8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:common_services:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:common_services:2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:etrust_ez_antivirus:6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:etrust_ez_antivirus:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:internet_security_suite:1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:internet_security_suite:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:common_services:1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:common_services:1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:etrust_antivirus_gateway:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:etrust_antivirus_sdk:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ca:etrust_secure_content_manager:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:integrated_threat_management:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:unicenter_network_and_systems_management:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:unicenter_network_and_systems_management:3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:9.01:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:etrust_antivirus:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:etrust_antivirus:8.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:etrust_ez_armor:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:etrust_ez_armor:3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:unicenter_network_and_systems_management:11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:unicenter_network_and_systems_management:11.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-2864"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Anonymous",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-07-035"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2007-2864",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": true,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 9.3,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2007-2864",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "VHN-26226",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2007-2864",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#105105",
            "trust": 0.8,
            "value": "15.19"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200706-098",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-26226",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#105105"
      },
      {
        "db": "VULHUB",
        "id": "VHN-26226"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001196"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2864"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200706-098"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a large invalid value of the coffFiles field in a .CAB file. There are several affected products. Large values result in an unbounded data copy operation which can result in an exploitable stack-based buffer overflow. Computer Associates is the world\u0027s leading security vendor, products include a variety of anti-virus software and backup recovery systems. CA has issued an update to \naddress the vulnerabilities. The first vulnerability, \nCVE-2007-2863, is due to insufficient bounds checking on filenames \ncontained in a CAB archive. The second vulnerability, \nCVE-2007-2863, is due to insufficient bounds checking on the \n\"coffFiles\" field. By using a specially malformed CAB file, an \nattacker can cause a crash or take unauthorized action on an \naffected system. \n\nMitigating Factors: None\n\nSeverity: CA has given these vulnerabilities a High risk rating. \n\nAffected Products:\nCA Anti-Virus for the Enterprise (formerly eTrust Antivirus) r8, \n   r8.1\nCA Anti-Virus 2007 (v8)\neTrust EZ Antivirus r7, r6.1\nCA Internet Security Suite 2007 (v3)\neTrust Internet Security Suite r1, r2\neTrust EZ Armor r1, r2, r3.x\nCA Threat Manager for the Enterprise (formerly eTrust Integrated \n   Threat Management) r8\nCA Protection Suites r2, r3\nCA Secure Content Manager (formerly eTrust Secure Content \n   Manager) 8.0\nCA Anti-Virus Gateway (formerly eTrust Antivirus eTrust Antivirus \n   Gateway) 7.1\nUnicenter Network and Systems Management (NSM) r3.0\nUnicenter Network and Systems Management (NSM) r3.1\nUnicenter Network and Systems Management (NSM) r11\nUnicenter Network and Systems Management (NSM) r11.1\nBrightStor ARCserve Backup r11.5\nBrightStor ARCserve Backup r11.1\nBrightStor ARCserve Backup r11 for Windows\nBrightStor Enterprise Backup r10.5\nBrightStor ARCserve Backup v9.01\nCA Common Services\nCA Anti-Virus SDK (formerly eTrust Anti-Virus SDK)\n\nAffected Platforms:\nAll\n\nStatus and Recommendation:\nCA has issued content update 30.6 to address the vulnerabilities. \nThe updated engine is provided with content updates. Ensure the \nlatest content update is installed if the signature version is \nless than version 30.6. \n\nFor BrightStor ARCserve Backup:\n\n1. To update the signatures one time only, open a command window, \nchange into the \"C:\\Program Files\\CA\\SharedComponents\\ScanEngine\" \ndirectory, and enter the following command:\n\ninodist /cfg inodist.ini\n\n2. To update on a regular schedule:\n\n* Submit a GenericJob using the ARCserve Job Scheduler. Please \nsearch the BrightStor Administrator\u0027s Guide for \u0027Antivirus \nMaintenance\u0027 and follow the directions. \n\nOr\n\n* Use the above command line instruction with the AT Scheduler. \n\n\nWorkaround: None\n\nReferences (URLs may wrap):\nCA SupportConnect:\nhttp://supportconnect.ca.com/\nCA SupportConnect Security Notice for this vulnerability:\nSecurity Notice for CA products implementing the Anti-Virus engine\nhttp://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securit\nynotice.asp\nCA Security Advisor posting: CA Anti-Virus Engine CAB File Buffer \nOverflow Vulnerabilities\nhttp://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=144680\nCAID: 35395, 35396\nhttp://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35395\nhttp://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35396\nReported By: ZDI\nZDI Advisory: ZDI-07-034, ZDI-07-035\nhttp://www.zerodayinitiative.com/advisories/ZDI-07-034.html\nhttp://www.zerodayinitiative.com/advisories/ZDI-07-035.html\nCVE References: CVE-2007-2863, CVE-2007-2864\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2863\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2864\nOSVDB References: OSVDB-35244, OSVDB-35245\nhttp://osvdb.org/35244\nhttp://osvdb.org/35245\n\nChangelog for this advisory:\nv1.0 - Initial Release\n\nCustomers who require additional information should contact CA\nTechnical Support at http://supportconnect.ca.com. \n\nFor technical questions or comments related to this advisory, \nplease send email to vuln AT ca DOT com. \n\nIf you discover a vulnerability in CA products, please report your\nfindings to vuln AT ca DOT com, or utilize our \"Submit a \nVulnerability\" form. \nURL: http://www.ca.com/us/securityadvisor/vulninfo/submit.aspx\n\n\nRegards,\nKen Williams ; 0xE2941985\nDirector, CA Vulnerability Research\n\nCA, 1 CA Plaza, Islandia, NY 11749\n\t\nContact http://www.ca.com/us/contact/\nLegal Notice http://www.ca.com/us/legal/\nPrivacy Policy http://www.ca.com/us/privacy/\nCopyright (c) 2007 CA. All rights reserved. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: PGP Desktop 9.5.3 (Build 5003)\n\nwj8DBQFGaCc7eSWR3+KUGYURAnegAKCFM9tJ6RgdwIAc9JRfOcx807pEHwCdHofV\ns2hnGDiljhAMZquR9D1uya8=\n=PQi4\n-----END PGP SIGNATURE-----\n. \nMore details can be found at:\n \nhttp://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securitynotice.asp\n\n-- Disclosure Timeline:\n2007.02.16 - Vulnerability reported to vendor\n2007.06.05 - Coordinated public release of advisory\n\n-- Credit:\nThis vulnerability was discovered by an anonymous researcher. \n\n-- About the Zero Day Initiative (ZDI):\nEstablished by TippingPoint, a division of 3Com, The Zero Day Initiative\n(ZDI) represents a best-of-breed model for rewarding security\nresearchers for responsibly disclosing discovered vulnerabilities. \n\nResearchers interested in getting paid for their security research\nthrough the ZDI can find more information and sign-up at:\n\n    http://www.zerodayinitiative.com\n\nThe ZDI is unique in how the acquired vulnerability information is used. \n3Com does not re-sell the vulnerability details or any exploit code. \nInstead, upon notifying the affected product vendor, 3Com provides its\ncustomers with zero day protection through its intrusion prevention\ntechnology. Explicit details regarding the specifics of the\nvulnerability are not exposed to any parties until an official vendor\npatch is publicly available. Furthermore, with the altruistic aim of\nhelping to secure a broader user base, 3Com provides this vulnerability\ninformation confidentially to security vendors (including competitors)\nwho have a vulnerability protection or mitigation product. \n\n\nCONFIDENTIALITY NOTICE: This e-mail message, including any attachments,\nis being sent by 3Com for the sole use of the intended recipient(s) and\nmay contain confidential, proprietary and/or privileged information. \nAny unauthorized review, use, disclosure and/or distribution by any \nrecipient is prohibited.  If you are not the intended recipient, please\ndelete and/or destroy all copies of this message regardless of form and\nany included attachments and notify 3Com immediately by contacting the\nsender via reply e-mail or forwarding to 3Com at postmaster@3com.com",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-2864"
      },
      {
        "db": "CERT/CC",
        "id": "VU#739409"
      },
      {
        "db": "CERT/CC",
        "id": "VU#105105"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001196"
      },
      {
        "db": "ZDI",
        "id": "ZDI-07-035"
      },
      {
        "db": "BID",
        "id": "24330"
      },
      {
        "db": "VULHUB",
        "id": "VHN-26226"
      },
      {
        "db": "PACKETSTORM",
        "id": "57100"
      },
      {
        "db": "PACKETSTORM",
        "id": "57067"
      }
    ],
    "trust": 4.23
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-26226",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-26226"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "SECUNIA",
        "id": "25570",
        "trust": 4.1
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2864",
        "trust": 3.7
      },
      {
        "db": "CERT/CC",
        "id": "VU#105105",
        "trust": 3.6
      },
      {
        "db": "ZDI",
        "id": "ZDI-07-035",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "24330",
        "trust": 2.8
      },
      {
        "db": "OSVDB",
        "id": "35245",
        "trust": 2.6
      },
      {
        "db": "SECTRACK",
        "id": "1018199",
        "trust": 2.5
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2072",
        "trust": 2.5
      },
      {
        "db": "ZDI",
        "id": "ZDI-07-034",
        "trust": 1.2
      },
      {
        "db": "CERT/CC",
        "id": "VU#739409",
        "trust": 0.8
      },
      {
        "db": "XF",
        "id": "34737",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001196",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-154",
        "trust": 0.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200706-098",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "57067",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "83164",
        "trust": 0.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "16677",
        "trust": 0.1
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-71185",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-26226",
        "trust": 0.1
      },
      {
        "db": "OSVDB",
        "id": "35244",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "57100",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#739409"
      },
      {
        "db": "CERT/CC",
        "id": "VU#105105"
      },
      {
        "db": "ZDI",
        "id": "ZDI-07-035"
      },
      {
        "db": "VULHUB",
        "id": "VHN-26226"
      },
      {
        "db": "BID",
        "id": "24330"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001196"
      },
      {
        "db": "PACKETSTORM",
        "id": "57100"
      },
      {
        "db": "PACKETSTORM",
        "id": "57067"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2864"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200706-098"
      }
    ]
  },
  "id": "VAR-200706-0018",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-26226"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:45:08.082000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Anti-Virus\u30a8\u30f3\u30b8\u30f3\u3092\u5b9f\u88c5\u3057\u3066\u3044\u308bCA\u88fd\u54c1\u306b\u304a\u3051\u308b\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u306b\u95a2\u3059\u308b\u304a\u77e5\u3089\u305b",
        "trust": 0.8,
        "url": "http://www.casupport.jp/resources/anti_virus_engine_security.htm"
      },
      {
        "title": "sk33132",
        "trust": 0.8,
        "url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventsubmit_dogoviewsolutiondetails=\u0026solutionid=sk33132"
      },
      {
        "title": "35396",
        "trust": 0.8,
        "url": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35396"
      },
      {
        "title": "Computer Associates has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securitynotice.asp"
      },
      {
        "title": "CA  CAB File header parsing remote stack overflow vulnerability repair measures",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=146809"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-07-035"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001196"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200706-098"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-2864"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 4.4,
        "url": "http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securitynotice.asp"
      },
      {
        "trust": 2.8,
        "url": "http://www.kb.cert.org/vuls/id/105105"
      },
      {
        "trust": 2.7,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-07-035.html"
      },
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/24330"
      },
      {
        "trust": 2.5,
        "url": "http://www.osvdb.org/35245"
      },
      {
        "trust": 2.5,
        "url": "http://www.securitytracker.com/id?1018199"
      },
      {
        "trust": 2.5,
        "url": "http://secunia.com/advisories/25570"
      },
      {
        "trust": 2.5,
        "url": "http://www.vupen.com/english/advisories/2007/2072"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/archive/1/470602/100/0/threaded"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/archive/1/470754/100/0/threaded"
      },
      {
        "trust": 1.7,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34737"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/25570/"
      },
      {
        "trust": 1.2,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-07-034.html"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2864"
      },
      {
        "trust": 0.8,
        "url": "http://xforce.iss.net/xforce/xfdb/34737"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-2864"
      },
      {
        "trust": 0.3,
        "url": "http://www.ca.com"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/470754"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/470602"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-2864"
      },
      {
        "trust": 0.1,
        "url": "http://osvdb.org/35245"
      },
      {
        "trust": 0.1,
        "url": "http://www.ca.com/us/securityadvisor/vulninfo/submit.aspx"
      },
      {
        "trust": 0.1,
        "url": "http://supportconnect.ca.com."
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2863"
      },
      {
        "trust": 0.1,
        "url": "http://osvdb.org/35244"
      },
      {
        "trust": 0.1,
        "url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=144680"
      },
      {
        "trust": 0.1,
        "url": "http://supportconnect.ca.com/"
      },
      {
        "trust": 0.1,
        "url": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35396"
      },
      {
        "trust": 0.1,
        "url": "http://www.ca.com/us/contact/"
      },
      {
        "trust": 0.1,
        "url": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35395"
      },
      {
        "trust": 0.1,
        "url": "http://www.ca.com/us/legal/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-2863"
      },
      {
        "trust": 0.1,
        "url": "http://www.ca.com/us/privacy/"
      },
      {
        "trust": 0.1,
        "url": "http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securit"
      },
      {
        "trust": 0.1,
        "url": "http://www.zerodayinitiative.com"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#739409"
      },
      {
        "db": "CERT/CC",
        "id": "VU#105105"
      },
      {
        "db": "ZDI",
        "id": "ZDI-07-035"
      },
      {
        "db": "VULHUB",
        "id": "VHN-26226"
      },
      {
        "db": "BID",
        "id": "24330"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001196"
      },
      {
        "db": "PACKETSTORM",
        "id": "57100"
      },
      {
        "db": "PACKETSTORM",
        "id": "57067"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2864"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200706-098"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#739409"
      },
      {
        "db": "CERT/CC",
        "id": "VU#105105"
      },
      {
        "db": "ZDI",
        "id": "ZDI-07-035"
      },
      {
        "db": "VULHUB",
        "id": "VHN-26226"
      },
      {
        "db": "BID",
        "id": "24330"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001196"
      },
      {
        "db": "PACKETSTORM",
        "id": "57100"
      },
      {
        "db": "PACKETSTORM",
        "id": "57067"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2864"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200706-098"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-06-06T00:00:00",
        "db": "CERT/CC",
        "id": "VU#739409"
      },
      {
        "date": "2007-06-06T00:00:00",
        "db": "CERT/CC",
        "id": "VU#105105"
      },
      {
        "date": "2007-06-05T00:00:00",
        "db": "ZDI",
        "id": "ZDI-07-035"
      },
      {
        "date": "2007-06-06T00:00:00",
        "db": "VULHUB",
        "id": "VHN-26226"
      },
      {
        "date": "2007-06-05T00:00:00",
        "db": "BID",
        "id": "24330"
      },
      {
        "date": "2009-03-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-001196"
      },
      {
        "date": "2007-06-10T23:43:37",
        "db": "PACKETSTORM",
        "id": "57100"
      },
      {
        "date": "2007-06-07T06:15:45",
        "db": "PACKETSTORM",
        "id": "57067"
      },
      {
        "date": "2007-06-06T21:30:00",
        "db": "NVD",
        "id": "CVE-2007-2864"
      },
      {
        "date": "2007-06-06T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200706-098"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-06-06T00:00:00",
        "db": "CERT/CC",
        "id": "VU#739409"
      },
      {
        "date": "2007-06-06T00:00:00",
        "db": "CERT/CC",
        "id": "VU#105105"
      },
      {
        "date": "2007-06-05T00:00:00",
        "db": "ZDI",
        "id": "ZDI-07-035"
      },
      {
        "date": "2018-10-16T00:00:00",
        "db": "VULHUB",
        "id": "VHN-26226"
      },
      {
        "date": "2009-09-28T20:10:00",
        "db": "BID",
        "id": "24330"
      },
      {
        "date": "2009-03-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-001196"
      },
      {
        "date": "2021-04-14T15:34:35.667000",
        "db": "NVD",
        "id": "CVE-2007-2864"
      },
      {
        "date": "2021-04-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200706-098"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "57100"
      },
      {
        "db": "PACKETSTORM",
        "id": "57067"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200706-098"
      }
    ],
    "trust": 0.8
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Computer Associates Anti-Virus engine fails to properly handle long file names in CAB archives",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#739409"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200706-098"
      }
    ],
    "trust": 0.6
  }
}

CVE-2007-2864

Vulnerability from fkie_nvd

Published

2007-06-06 21:30

Modified

2024-11-21 00:31

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/25570	Patch, Vendor Advisory
cve@mitre.org	http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securitynotice.asp
cve@mitre.org	http://www.kb.cert.org/vuls/id/105105	US Government Resource
cve@mitre.org	http://www.osvdb.org/35245
cve@mitre.org	http://www.securityfocus.com/archive/1/470602/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/470754/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/24330	Patch
cve@mitre.org	http://www.securitytracker.com/id?1018199
cve@mitre.org	http://www.vupen.com/english/advisories/2007/2072
cve@mitre.org	http://www.zerodayinitiative.com/advisories/ZDI-07-035.html
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/34737
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/25570	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securitynotice.asp
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/105105	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/35245
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/470602/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/470754/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/24330	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1018199
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/2072
af854a3a-2127-422b-91ae-364da2661108	http://www.zerodayinitiative.com/advisories/ZDI-07-035.html
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/34737

Impacted products

Vendor	Product	Version
broadcom	anti-virus_for_the_enterprise	8
broadcom	brightstor_arcserve_backup	9.01
broadcom	brightstor_arcserve_backup	10.5
broadcom	brightstor_arcserve_backup	11
broadcom	brightstor_arcserve_backup	11.1
broadcom	brightstor_arcserve_backup	11.5
broadcom	common_services	1.0
broadcom	common_services	1.1
broadcom	common_services	2.0
broadcom	common_services	2.1
broadcom	common_services	2.2
broadcom	common_services	3.0
broadcom	etrust_antivirus	8.0
broadcom	etrust_antivirus	8.1
broadcom	etrust_antivirus_gateway	7.1
broadcom	etrust_antivirus_sdk	*
broadcom	etrust_ez_antivirus	6.1
broadcom	etrust_ez_antivirus	7.0
broadcom	etrust_ez_armor	1.0
broadcom	etrust_ez_armor	2.0
broadcom	etrust_ez_armor	3.0
broadcom	etrust_ez_armor	3.1
broadcom	integrated_threat_management	8.0
broadcom	internet_security_suite	1.0
broadcom	internet_security_suite	2.0
broadcom	internet_security_suite	3.0
broadcom	unicenter_network_and_systems_management	3.0
broadcom	unicenter_network_and_systems_management	3.1
broadcom	unicenter_network_and_systems_management	11
broadcom	unicenter_network_and_systems_management	11.1
ca	etrust_secure_content_manager	8.0
ca	protection_suites	r2
ca	protection_suites	r3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:broadcom:anti-virus_for_the_enterprise:8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6B76576-ABB1-439E-80B0-0B5AAE14BA45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:9.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "F52790F8-0D23-47F4-B7F7-6CB0F7B6EA14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:10.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "443AB333-2C99-42FF-8F4E-A487BF588E85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C339825-77F9-478A-B1F7-A297D5715396",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E37161BE-6AF5-40E0-BD63-2C17431D8B36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "477EE032-D183-478F-A2BF-6165277A7414",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:common_services:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A0DD264-59A8-4B76-8D7F-138AEA7B1912",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:common_services:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "062DB370-929D-4FE1-A925-2FB5706C9409",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:common_services:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D7957A4-D763-488F-B2B1-E00F428AD1AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:common_services:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F5A6578-902D-4D9F-AB19-C6484E878CEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:common_services:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2E79928-E5E2-42E5-9E09-58ADF9E76A74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:common_services:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7587982-C722-4754-8744-8C7D43E191B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:etrust_antivirus:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "71D3160D-539D-4E26-8B0B-C372315EE700",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:etrust_antivirus:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "52C533CA-ACB7-4C0F-98E2-B5E51E24A554",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:etrust_antivirus_gateway:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DD2FE1C-8894-41EC-B686-932F0ACC41C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:etrust_antivirus_sdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4996345-E5B0-42E2-8592-41B9BC805740",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:etrust_ez_antivirus:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7D938FC-E8E6-4709-BF6D-EF4833AF7D7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:etrust_ez_antivirus:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "538F7CEC-D8A8-444F-9A9C-D1FF01EA7450",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:etrust_ez_armor:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "714BCFBA-B843-4C14-AA78-F7CF17899D28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:etrust_ez_armor:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C61D9546-7619-465B-B3CA-C60218CD574B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:etrust_ez_armor:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "59035C39-14BA-4874-8874-75AA52D9AA38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:etrust_ez_armor:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4292DD3A-6B79-43E0-8D2F-267375A3CBF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:integrated_threat_management:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C167CC34-95AE-45CD-A1CE-64FF738DE25E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:internet_security_suite:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "74F3CAC8-447B-467B-87C1-DD565B41515A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:internet_security_suite:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B61BE84B-3BDA-489E-94E8-187A1B0F9281",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:internet_security_suite:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "285013A5-E058-4B2B-B8B6-1BFF72388589",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:unicenter_network_and_systems_management:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE9C8A1C-0A55-4CA5-9BB6-2D03EFCFE699",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:unicenter_network_and_systems_management:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EFA39E3-A614-4A64-B29C-86D6F12F1557",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:unicenter_network_and_systems_management:11:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B4434A4-EE82-46A1-9293-345991515369",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:unicenter_network_and_systems_management:11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "43CD3B48-C978-4FDB-B157-85F3E971446B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:etrust_secure_content_manager:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DB54A16-5E56-46FC-A49C-56C98C0B8F1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:protection_suites:r2:*:*:*:*:*:*:*",
              "matchCriteriaId": "47C10BA4-B241-4F65-8FA1-AD88266C03B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:protection_suites:r3:*:*:*:*:*:*:*",
              "matchCriteriaId": "253A8082-9AE4-4049-A1D0-B7ACB5C2E8D3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a large invalid value of the coffFiles field in a .CAB file."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer basado en pila en el motor antivirus anterior a la actualizaci\u00f3n de contenido 30.6 de m\u00faltiples productos CA (antiguamente Computer Associates) permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n  mediante un valor largo no v\u00e1lido del campo coffFiles en un fichero .CAB."
    }
  ],
  "id": "CVE-2007-2864",
  "lastModified": "2024-11-21T00:31:50.643",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-06-06T21:30:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/25570"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securitynotice.asp"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/105105"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/35245"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/470602/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/470754/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/24330"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1018199"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/2072"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-035.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34737"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/25570"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securitynotice.asp"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/105105"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/35245"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/470602/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/470754/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/24330"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1018199"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/2072"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-035.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34737"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-38wr-8jpj-263v

Vulnerability from github

Published

2022-05-01 18:08

Modified

2022-05-01 18:08

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-2864"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-06-06T21:30:00Z",
    "severity": "HIGH"
  },
  "details": "Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a large invalid value of the coffFiles field in a .CAB file.",
  "id": "GHSA-38wr-8jpj-263v",
  "modified": "2022-05-01T18:08:03Z",
  "published": "2022-05-01T18:08:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-2864"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34737"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/25570"
    },
    {
      "type": "WEB",
      "url": "http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securitynotice.asp"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/105105"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/35245"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/470602/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/470754/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/24330"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1018199"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/2072"
    },
    {
      "type": "WEB",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-035.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

gsd-2007-2864

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2007-2864

Aliases

CVE-2007-2864

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-2864",
    "description": "Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a large invalid value of the coffFiles field in a .CAB file.",
    "id": "GSD-2007-2864",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2007-2864"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-2864"
      ],
      "details": "Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a large invalid value of the coffFiles field in a .CAB file.",
      "id": "GSD-2007-2864",
      "modified": "2023-12-13T01:21:37.709236Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-2864",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a large invalid value of the coffFiles field in a .CAB file."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "24330",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/24330"
          },
          {
            "name": "20070605 ZDI-07-035: CA Multiple Product AV Engine CAB Header Parsing Stack Overflow Vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/470602/100/0/threaded"
          },
          {
            "name": "http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securitynotice.asp",
            "refsource": "CONFIRM",
            "url": "http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securitynotice.asp"
          },
          {
            "name": "VU#105105",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/105105"
          },
          {
            "name": "ADV-2007-2072",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/2072"
          },
          {
            "name": "http://www.zerodayinitiative.com/advisories/ZDI-07-035.html",
            "refsource": "MISC",
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-035.html"
          },
          {
            "name": "20070607 [CAID 35395, 35396]: CA Anti-Virus Engine CAB File Buffer Overflow Vulnerabilities",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/470754/100/0/threaded"
          },
          {
            "name": "ca-multiple-antivirus-cofffiles-bo(34737)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34737"
          },
          {
            "name": "1018199",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1018199"
          },
          {
            "name": "35245",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/35245"
          },
          {
            "name": "25570",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/25570"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:10.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:common_services:2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:common_services:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:etrust_ez_armor:1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:etrust_ez_armor:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:internet_security_suite:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ca:protection_suites:r2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ca:protection_suites:r3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:anti-virus_for_the_enterprise:8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:common_services:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:common_services:2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:etrust_ez_antivirus:6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:etrust_ez_antivirus:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:internet_security_suite:1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:internet_security_suite:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:common_services:1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:common_services:1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:etrust_antivirus_gateway:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:etrust_antivirus_sdk:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ca:etrust_secure_content_manager:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:integrated_threat_management:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:unicenter_network_and_systems_management:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:unicenter_network_and_systems_management:3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:9.01:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:etrust_antivirus:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:etrust_antivirus:8.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:etrust_ez_armor:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:etrust_ez_armor:3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:unicenter_network_and_systems_management:11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:unicenter_network_and_systems_management:11.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-2864"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a large invalid value of the coffFiles field in a .CAB file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-07-035.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-035.html"
            },
            {
              "name": "http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securitynotice.asp",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securitynotice.asp"
            },
            {
              "name": "24330",
              "refsource": "BID",
              "tags": [
                "Patch"
              ],
              "url": "http://www.securityfocus.com/bid/24330"
            },
            {
              "name": "25570",
              "refsource": "SECUNIA",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/25570"
            },
            {
              "name": "VU#105105",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/105105"
            },
            {
              "name": "35245",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/35245"
            },
            {
              "name": "1018199",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1018199"
            },
            {
              "name": "ADV-2007-2072",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/2072"
            },
            {
              "name": "ca-multiple-antivirus-cofffiles-bo(34737)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34737"
            },
            {
              "name": "20070607 [CAID 35395, 35396]: CA Anti-Virus Engine CAB File Buffer Overflow Vulnerabilities",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/470754/100/0/threaded"
            },
            {
              "name": "20070605 ZDI-07-035: CA Multiple Product AV Engine CAB Header Parsing Stack Overflow Vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/470602/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2021-04-14T15:34Z",
      "publishedDate": "2007-06-06T21:30Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2007-2864

Vulnerability from cvelistv5

var-200706-0018

Vulnerability from variot

CVE-2007-2864

Vulnerability from fkie_nvd

ghsa-38wr-8jpj-263v

Vulnerability from github

gsd-2007-2864

Vulnerability from gsd

Tags

Sightings

Nomenclature