Vulnerability CVE-2007-4620


Published: 2008-04-07   Modified: 2012-02-12

Description:
Multiple stack-based buffer overflows in Computer Associates (CA) Alert Notification Service (Alert.exe) 8.1.586.0, 8.0.450.0, and 7.1.758.0, as used in multiple CA products including Anti-Virus for the Enterprise 7.1 through r11.1 and Threat Manager for the Enterprise 8.1 and r8, allow remote authenticated users to execute arbitrary code via crafted RPC requests.

See advisories in our WLB2 database:
Topic
Author
Date
High
CA Alert Notification Server Multiple Vulnerabilities
An anonymous
07.04.2008

Type:

CWE-119

(Improper Restriction of Operations within the Bounds of a Memory Buffer)

CVSS2 => (AV:N/AC:L/Au:S/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
9/10
10/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
CA -> Anti-virus for the enterprise 
CA -> Brightstor arcserve backup 
CA -> Threat manager for the enterprise 

 References:
http://community.ca.com/blogs/casecurityresponseblog/archive/2008/04/04/ca-alert-notification-server-multiple-vulnerabilities.aspx
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=679
http://securityreason.com/securityalert/3799
http://www.securityfocus.com/archive/1/490466/100/0/threaded
http://www.securityfocus.com/bid/28605
http://www.securitytracker.com/id?1019789
http://www.securitytracker.com/id?1019790
http://www.vupen.com/english/advisories/2008/1103/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41639
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=173103

Copyright 2024, cxsecurity.com

 

Back to Top