Vulnerability CVE-2005-1693


Published: 2005-05-24   Modified: 2012-02-12

Description:
Integer overflow in Computer Associates Vet Antivirus library, as used by CA InoculateIT 6.0, eTrust Antivirus r6.0 through 7.1, eTrust Antivirus for the Gateway r7.0 and r7.1, eTrust Secure Content Manager, eTrust Intrusion Detection, BrightStor ARCserve Backup (BAB) r11.1, Vet Antivirus, Zonelabs ZoneAlarm Security Suite, and ZoneAlarm Antivirus, allows remote attackers to gain privileges via a compressed VBA directory with a project name length of -1, which leads to a heap-based buffer overflow.

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Zonelabs -> Zonealarm 
Zonelabs -> Zonealarm antivirus 
CA -> Brightstor arcserve backup 
CA -> Etrust antivirus 
CA -> Etrust antivirus ee 
CA -> Etrust ez armor 
CA -> Etrust ez armor le 
CA -> Etrust intrusion detection 
CA -> Etrust secure content manager 
CA -> Inoculateit 
CA -> Vet antivirus 

 References:
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=32896
http://crm.my-etrust.com/login.asp?username=guest&target=DOCUMENT&openparameter=1588
http://www.securityfocus.com/bid/13710
http://www.rem0te.com/public/images/vet.pdf
http://securitytracker.com/id?1014050
http://secunia.com/advisories/15479
http://secunia.com/advisories/15470
http://marc.theaimsgroup.com/?l=bugtraq&m=111686576416450&w=2

Copyright 2021, cxsecurity.com

 

Back to Top