fkie_nvd - fkie_cve-2007-3334

FKIE_CVE-2007-3334

Vulnerability from fkie_nvd - Published: 2007-06-21 22:30 - Updated: 2025-04-09 00:30

Severity ?

Summary

Multiple heap-based buffer overflows in the (1) Communications Server (iigcc.exe) and (2) Data Access Server (iigcd.exe) components for Ingres Database Server 3.0.3, as used in CA (Computer Associates) products including eTrust Secure Content Manager r8 on Windows, allow remote attackers to execute arbitrary code via unknown vectors.

References

URL	Tags
cve@mitre.org	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=546	Patch
cve@mitre.org	http://osvdb.org/37487
cve@mitre.org	http://osvdb.org/37488
cve@mitre.org	http://secunia.com/advisories/25756
cve@mitre.org	http://secunia.com/advisories/25775
cve@mitre.org	http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp
cve@mitre.org	http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778
cve@mitre.org	http://www.securityfocus.com/bid/24585
cve@mitre.org	http://www.securitytracker.com/id?1018278
cve@mitre.org	http://www.vupen.com/english/advisories/2007/2288
cve@mitre.org	http://www.vupen.com/english/advisories/2007/2290
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/34991
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/34992
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/35002
af854a3a-2127-422b-91ae-364da2661108	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=546	Patch
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/37487
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/37488
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/25756
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/25775
af854a3a-2127-422b-91ae-364da2661108	http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp
af854a3a-2127-422b-91ae-364da2661108	http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/24585
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1018278
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/2288
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/2290
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/34991
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/34992
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/35002

Impacted products

Vendor	Product	Version
microsoft	all_windows	*
ca	etrust_secure_content_manager	8.0
ingres	database_server	3.0.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:all_windows:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3AB4B29F-4C60-48A0-8F58-BCBDC58B697E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ca:etrust_secure_content_manager:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DB54A16-5E56-46FC-A49C-56C98C0B8F1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ingres:database_server:3.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B836C674-BF4F-4D60-AA33-D778B712D3A3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple heap-based buffer overflows in the (1) Communications Server (iigcc.exe) and (2) Data Access Server (iigcd.exe) components for Ingres Database Server 3.0.3, as used in CA (Computer Associates) products including eTrust Secure Content Manager r8 on Windows, allow remote attackers to execute arbitrary code via unknown vectors."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples desbordamientos de b\u00fafer basados en mont\u00edculo en los componentes (1) Communications Server (iigcc.exe) y (2) Data Access Server (iigcd.exe) para el Ingres Database Server 3.0.3, como el utilizado en los productos del CA (Computer Associates) incluyendo el eTrust Secure Content Manager r8 bajo Windows, permiten a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de vectores sin especificar."
    }
  ],
  "id": "CVE-2007-3334",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-06-21T22:30:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=546"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/37487"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/37488"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/25756"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/25775"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/24585"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1018278"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/2288"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/2290"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34991"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34992"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35002"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=546"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/37487"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/37488"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/25756"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/25775"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/24585"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1018278"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/2288"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/2290"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34991"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34992"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35002"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2007-3334 (GCVE-0-2007-3334)

Vulnerability from cvelistv5 – Published: 2007-06-21 22:00 – Updated: 2024-08-07 14:14

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.vupen.com/english/advisories/2007/2288	vdb-entryx_refsource_VUPEN
	http://www.ca.com/us/securityadvisor/newsinfo/col…	x_refsource_CONFIRM
	http://labs.idefense.com/intelligence/vulnerabili…	third-party-advisoryx_refsource_IDEFENSE
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://secunia.com/advisories/25756	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/25775	third-party-advisoryx_refsource_SECUNIA
	http://osvdb.org/37488	vdb-entryx_refsource_OSVDB
	http://www.vupen.com/english/advisories/2007/2290	vdb-entryx_refsource_VUPEN
	http://supportconnectw.ca.com/public/ca_common_do…	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://osvdb.org/37487	vdb-entryx_refsource_OSVDB
	http://www.securitytracker.com/id?1018278	vdb-entryx_refsource_SECTRACK
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.securityfocus.com/bid/24585	vdb-entryx_refsource_BID

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T14:14:12.912Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2007-2288",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2288"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778"
          },
          {
            "name": "20070621 Ingres Database Multiple Heap Corruption Vulnerabilities",
            "tags": [
              "third-party-advisory",
              "x_refsource_IDEFENSE",
              "x_transferred"
            ],
            "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=546"
          },
          {
            "name": "ingres-wakeup-privilege-escalation(35002)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35002"
          },
          {
            "name": "25756",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25756"
          },
          {
            "name": "25775",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25775"
          },
          {
            "name": "37488",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/37488"
          },
          {
            "name": "ADV-2007-2290",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2290"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"
          },
          {
            "name": "ingres-communications-server-bo(34991)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34991"
          },
          {
            "name": "37487",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/37487"
          },
          {
            "name": "1018278",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1018278"
          },
          {
            "name": "ingres-data-access-server-bo(34992)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34992"
          },
          {
            "name": "24585",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/24585"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-06-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple heap-based buffer overflows in the (1) Communications Server (iigcc.exe) and (2) Data Access Server (iigcd.exe) components for Ingres Database Server 3.0.3, as used in CA (Computer Associates) products including eTrust Secure Content Manager r8 on Windows, allow remote attackers to execute arbitrary code via unknown vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2007-2288",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2288"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778"
        },
        {
          "name": "20070621 Ingres Database Multiple Heap Corruption Vulnerabilities",
          "tags": [
            "third-party-advisory",
            "x_refsource_IDEFENSE"
          ],
          "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=546"
        },
        {
          "name": "ingres-wakeup-privilege-escalation(35002)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35002"
        },
        {
          "name": "25756",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25756"
        },
        {
          "name": "25775",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25775"
        },
        {
          "name": "37488",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/37488"
        },
        {
          "name": "ADV-2007-2290",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2290"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"
        },
        {
          "name": "ingres-communications-server-bo(34991)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34991"
        },
        {
          "name": "37487",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/37487"
        },
        {
          "name": "1018278",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1018278"
        },
        {
          "name": "ingres-data-access-server-bo(34992)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34992"
        },
        {
          "name": "24585",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/24585"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-3334",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple heap-based buffer overflows in the (1) Communications Server (iigcc.exe) and (2) Data Access Server (iigcd.exe) components for Ingres Database Server 3.0.3, as used in CA (Computer Associates) products including eTrust Secure Content Manager r8 on Windows, allow remote attackers to execute arbitrary code via unknown vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2007-2288",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2288"
            },
            {
              "name": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778",
              "refsource": "CONFIRM",
              "url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778"
            },
            {
              "name": "20070621 Ingres Database Multiple Heap Corruption Vulnerabilities",
              "refsource": "IDEFENSE",
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=546"
            },
            {
              "name": "ingres-wakeup-privilege-escalation(35002)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35002"
            },
            {
              "name": "25756",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25756"
            },
            {
              "name": "25775",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25775"
            },
            {
              "name": "37488",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/37488"
            },
            {
              "name": "ADV-2007-2290",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2290"
            },
            {
              "name": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp",
              "refsource": "CONFIRM",
              "url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"
            },
            {
              "name": "ingres-communications-server-bo(34991)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34991"
            },
            {
              "name": "37487",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/37487"
            },
            {
              "name": "1018278",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1018278"
            },
            {
              "name": "ingres-data-access-server-bo(34992)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34992"
            },
            {
              "name": "24585",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/24585"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-3334",
    "datePublished": "2007-06-21T22:00:00",
    "dateReserved": "2007-06-21T00:00:00",
    "dateUpdated": "2024-08-07T14:14:12.912Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

FKIE_CVE-2007-3334

CVE-2007-3334 (GCVE-0-2007-3334)

Tags

Sightings

Nomenclature