FKIE_CVE-2007-2523

Vulnerability from fkie_nvd - Published: 2007-05-11 04:20 - Updated: 2025-04-09 00:30
Severity ?
Summary
CA Anti-Virus for the Enterprise r8 and Threat Manager r8 before 20070510 use weak permissions (NULL security descriptor) for the Task Service shared file mapping, which allows local users to modify this mapping and gain privileges by triggering a stack-based buffer overflow in InoCore.dll before 8.0.448.0.
References
cve@mitre.orghttp://blog.48bits.com/?p=103
cve@mitre.orghttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=530Vendor Advisory
cve@mitre.orghttp://lists.grok.org.uk/pipermail/full-disclosure/2007-May/063275.html
cve@mitre.orghttp://secunia.com/advisories/25202
cve@mitre.orghttp://supportconnectw.ca.com/public/antivirus/infodocs/caav-secnotice050807.aspPatch
cve@mitre.orghttp://www.kb.cert.org/vuls/id/788416US Government Resource
cve@mitre.orghttp://www.osvdb.org/34586
cve@mitre.orghttp://www.securityfocus.com/archive/1/468306/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/23906
cve@mitre.orghttp://www.securitytracker.com/id?1018043
cve@mitre.orghttp://www.vupen.com/english/advisories/2007/1750
af854a3a-2127-422b-91ae-364da2661108http://blog.48bits.com/?p=103
af854a3a-2127-422b-91ae-364da2661108http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=530Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/063275.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/25202
af854a3a-2127-422b-91ae-364da2661108http://supportconnectw.ca.com/public/antivirus/infodocs/caav-secnotice050807.aspPatch
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/788416US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/34586
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/468306/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/23906
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1018043
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/1750
Impacted products
Vendor Product Version
broadcom integrated_threat_management 8.0
ca anti-virus_for_the_enterprise 8
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:broadcom:integrated_threat_management:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C167CC34-95AE-45CD-A1CE-64FF738DE25E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:anti-virus_for_the_enterprise:8:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "0662407D-B0D7-4C4A-9F11-D438ED0A186D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "CA Anti-Virus for the Enterprise r8 and Threat Manager r8 before 20070510 use weak permissions (NULL security descriptor) for the Task Service shared file mapping, which allows local users to modify this mapping and gain privileges by triggering a stack-based buffer overflow in InoCore.dll before 8.0.448.0."
    },
    {
      "lang": "es",
      "value": "El Anti-Virus CA  para la Enterprise r8 y el Threat Manager r8 antes del 20070510 usa permisos d\u00e9biles (seguridad de descriptor NULL) para el fichero de mapeo compartido del Task Service, lo cual permite a usuarios locales modificar este mapeo y obtener privilegios mediante el disparo de un desbordamiento de b\u00fafer basado en pila en el InoCore.dll en versiones anteriores a 8.0.448.0."
    }
  ],
  "evaluatorSolution": "The Computer Associates Integrated Threat Manager product is only vulnerable if it is release 8.0 before 2007-05-10.",
  "id": "CVE-2007-2523",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-05-11T04:20:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://blog.48bits.com/?p=103"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=530"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/063275.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/25202"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://supportconnectw.ca.com/public/antivirus/infodocs/caav-secnotice050807.asp"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/788416"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/34586"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/468306/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/23906"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1018043"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/1750"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://blog.48bits.com/?p=103"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=530"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/063275.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/25202"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://supportconnectw.ca.com/public/antivirus/infodocs/caav-secnotice050807.asp"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/788416"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/34586"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/468306/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/23906"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1018043"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/1750"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.