Vulnerability CVE-2007-3825


Published: 2007-07-18   Modified: 2012-02-12

Description:
Multiple stack-based buffer overflows in the RPC implementation in alert.exe before 8.0.255.0 in CA (formerly Computer Associates) Alert Notification Server, as used in Threat Manager for the Enterprise, Protection Suites, certain BrightStor ARCserve products, and BrightStor Enterprise Backup, allow remote attackers to execute arbitrary code by sending certain data to unspecified RPC procedures.

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
9.3/10
10/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
CA -> Alert notification server 
CA -> Anti-virus for the enterprise 
CA -> Brightstor arcserve backup 
CA -> Brightstor arcserve client 
CA -> Brightstor enterprise backup 
CA -> Protection suites 
CA -> Threat manager 

 References:
http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-secnotice.asp
http://secunia.com/advisories/26088
http://www.vupen.com/english/advisories/2007/2559
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=561
http://xforce.iss.net/xforce/xfdb/35467
http://www.securitytracker.com/id?1018406
http://www.securitytracker.com/id?1018405
http://www.securitytracker.com/id?1018404
http://www.securitytracker.com/id?1018403
http://www.securitytracker.com/id?1018402
http://www.securityfocus.com/bid/24947

Copyright 2024, cxsecurity.com

 

Back to Top