Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for integrated_threat_management by broadcom

    CVE-2007-2864 (GCVE-0-2007-2864)

    Vulnerability from nvd – Published: 2007-06-06 21:00 – Updated: 2024-08-07 13:57
    VLAI
    Summary
    Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a large invalid value of the coffFiles field in a .CAB file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/24330 vdb-entryx_refsource_BID
    http://www.securityfocus.com/archive/1/470602/100… mailing-listx_refsource_BUGTRAQ
    http://supportconnectw.ca.com/public/antivirus/in… x_refsource_CONFIRM
    http://www.kb.cert.org/vuls/id/105105 third-party-advisoryx_refsource_CERT-VN
    http://www.vupen.com/english/advisories/2007/2072 vdb-entryx_refsource_VUPEN
    http://www.zerodayinitiative.com/advisories/ZDI-0… x_refsource_MISC
    http://www.securityfocus.com/archive/1/470754/100… mailing-listx_refsource_BUGTRAQ
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securitytracker.com/id?1018199 vdb-entryx_refsource_SECTRACK
    http://www.osvdb.org/35245 vdb-entryx_refsource_OSVDB
    http://secunia.com/advisories/25570 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2007-06-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T13:57:54.318Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "24330",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/24330"
              },
              {
                "name": "20070605 ZDI-07-035: CA Multiple Product AV Engine CAB Header Parsing Stack Overflow Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/470602/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securitynotice.asp"
              },
              {
                "name": "VU#105105",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/105105"
              },
              {
                "name": "ADV-2007-2072",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/2072"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-035.html"
              },
              {
                "name": "20070607 [CAID 35395, 35396]: CA Anti-Virus Engine CAB File Buffer Overflow Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/470754/100/0/threaded"
              },
              {
                "name": "ca-multiple-antivirus-cofffiles-bo(34737)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34737"
              },
              {
                "name": "1018199",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1018199"
              },
              {
                "name": "35245",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/35245"
              },
              {
                "name": "25570",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25570"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-06-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a large invalid value of the coffFiles field in a .CAB file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "24330",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/24330"
            },
            {
              "name": "20070605 ZDI-07-035: CA Multiple Product AV Engine CAB Header Parsing Stack Overflow Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/470602/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securitynotice.asp"
            },
            {
              "name": "VU#105105",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/105105"
            },
            {
              "name": "ADV-2007-2072",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/2072"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-035.html"
            },
            {
              "name": "20070607 [CAID 35395, 35396]: CA Anti-Virus Engine CAB File Buffer Overflow Vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/470754/100/0/threaded"
            },
            {
              "name": "ca-multiple-antivirus-cofffiles-bo(34737)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34737"
            },
            {
              "name": "1018199",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1018199"
            },
            {
              "name": "35245",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/35245"
            },
            {
              "name": "25570",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25570"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-2864",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a large invalid value of the coffFiles field in a .CAB file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "24330",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/24330"
                },
                {
                  "name": "20070605 ZDI-07-035: CA Multiple Product AV Engine CAB Header Parsing Stack Overflow Vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/470602/100/0/threaded"
                },
                {
                  "name": "http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securitynotice.asp",
                  "refsource": "CONFIRM",
                  "url": "http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securitynotice.asp"
                },
                {
                  "name": "VU#105105",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/105105"
                },
                {
                  "name": "ADV-2007-2072",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/2072"
                },
                {
                  "name": "http://www.zerodayinitiative.com/advisories/ZDI-07-035.html",
                  "refsource": "MISC",
                  "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-035.html"
                },
                {
                  "name": "20070607 [CAID 35395, 35396]: CA Anti-Virus Engine CAB File Buffer Overflow Vulnerabilities",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/470754/100/0/threaded"
                },
                {
                  "name": "ca-multiple-antivirus-cofffiles-bo(34737)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34737"
                },
                {
                  "name": "1018199",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1018199"
                },
                {
                  "name": "35245",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/35245"
                },
                {
                  "name": "25570",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25570"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-2864",
        "datePublished": "2007-06-06T21:00:00.000Z",
        "dateReserved": "2007-05-24T00:00:00.000Z",
        "dateUpdated": "2024-08-07T13:57:54.318Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-2523 (GCVE-0-2007-2523)

    Vulnerability from nvd – Published: 2007-05-11 03:55 – Updated: 2024-08-07 13:42
    VLAI
    Summary
    CA Anti-Virus for the Enterprise r8 and Threat Manager r8 before 20070510 use weak permissions (NULL security descriptor) for the Task Service shared file mapping, which allows local users to modify this mapping and gain privileges by triggering a stack-based buffer overflow in InoCore.dll before 8.0.448.0.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://supportconnectw.ca.com/public/antivirus/in… x_refsource_CONFIRM
    http://www.securitytracker.com/id?1018043 vdb-entryx_refsource_SECTRACK
    http://blog.48bits.com/?p=103 x_refsource_MISC
    http://www.vupen.com/english/advisories/2007/1750 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/bid/23906 vdb-entryx_refsource_BID
    http://www.kb.cert.org/vuls/id/788416 third-party-advisoryx_refsource_CERT-VN
    http://www.osvdb.org/34586 vdb-entryx_refsource_OSVDB
    http://secunia.com/advisories/25202 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/archive/1/468306/100… mailing-listx_refsource_BUGTRAQ
    http://labs.idefense.com/intelligence/vulnerabili… third-party-advisoryx_refsource_IDEFENSE
    http://lists.grok.org.uk/pipermail/full-disclosur… mailing-listx_refsource_FULLDISC
    Date Public
    2007-05-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T13:42:33.371Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://supportconnectw.ca.com/public/antivirus/infodocs/caav-secnotice050807.asp"
              },
              {
                "name": "1018043",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1018043"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://blog.48bits.com/?p=103"
              },
              {
                "name": "ADV-2007-1750",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/1750"
              },
              {
                "name": "23906",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/23906"
              },
              {
                "name": "VU#788416",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/788416"
              },
              {
                "name": "34586",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/34586"
              },
              {
                "name": "25202",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25202"
              },
              {
                "name": "20070511 Computer Associates eTrust InoTask.exe Antivirus Buffer Overflow Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/468306/100/0/threaded"
              },
              {
                "name": "20070509 Computer Associates eTrust InoTask.exe Antivirus Buffer Overflow Vulnerability",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_IDEFENSE",
                  "x_transferred"
                ],
                "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=530"
              },
              {
                "name": "20050711 [CAID 35330, 35331]: CA Anti-Virus, CA Threat Manager, and CA Anti-Spyware Console Login and File Mapping Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/063275.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-05-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "CA Anti-Virus for the Enterprise r8 and Threat Manager r8 before 20070510 use weak permissions (NULL security descriptor) for the Task Service shared file mapping, which allows local users to modify this mapping and gain privileges by triggering a stack-based buffer overflow in InoCore.dll before 8.0.448.0."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://supportconnectw.ca.com/public/antivirus/infodocs/caav-secnotice050807.asp"
            },
            {
              "name": "1018043",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1018043"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://blog.48bits.com/?p=103"
            },
            {
              "name": "ADV-2007-1750",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/1750"
            },
            {
              "name": "23906",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/23906"
            },
            {
              "name": "VU#788416",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/788416"
            },
            {
              "name": "34586",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/34586"
            },
            {
              "name": "25202",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25202"
            },
            {
              "name": "20070511 Computer Associates eTrust InoTask.exe Antivirus Buffer Overflow Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/468306/100/0/threaded"
            },
            {
              "name": "20070509 Computer Associates eTrust InoTask.exe Antivirus Buffer Overflow Vulnerability",
              "tags": [
                "third-party-advisory",
                "x_refsource_IDEFENSE"
              ],
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=530"
            },
            {
              "name": "20050711 [CAID 35330, 35331]: CA Anti-Virus, CA Threat Manager, and CA Anti-Spyware Console Login and File Mapping Vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/063275.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-2523",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "CA Anti-Virus for the Enterprise r8 and Threat Manager r8 before 20070510 use weak permissions (NULL security descriptor) for the Task Service shared file mapping, which allows local users to modify this mapping and gain privileges by triggering a stack-based buffer overflow in InoCore.dll before 8.0.448.0."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://supportconnectw.ca.com/public/antivirus/infodocs/caav-secnotice050807.asp",
                  "refsource": "CONFIRM",
                  "url": "http://supportconnectw.ca.com/public/antivirus/infodocs/caav-secnotice050807.asp"
                },
                {
                  "name": "1018043",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1018043"
                },
                {
                  "name": "http://blog.48bits.com/?p=103",
                  "refsource": "MISC",
                  "url": "http://blog.48bits.com/?p=103"
                },
                {
                  "name": "ADV-2007-1750",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/1750"
                },
                {
                  "name": "23906",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/23906"
                },
                {
                  "name": "VU#788416",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/788416"
                },
                {
                  "name": "34586",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/34586"
                },
                {
                  "name": "25202",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25202"
                },
                {
                  "name": "20070511 Computer Associates eTrust InoTask.exe Antivirus Buffer Overflow Vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/468306/100/0/threaded"
                },
                {
                  "name": "20070509 Computer Associates eTrust InoTask.exe Antivirus Buffer Overflow Vulnerability",
                  "refsource": "IDEFENSE",
                  "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=530"
                },
                {
                  "name": "20050711 [CAID 35330, 35331]: CA Anti-Virus, CA Threat Manager, and CA Anti-Spyware Console Login and File Mapping Vulnerabilities",
                  "refsource": "FULLDISC",
                  "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/063275.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-2523",
        "datePublished": "2007-05-11T03:55:00.000Z",
        "dateReserved": "2007-05-08T00:00:00.000Z",
        "dateUpdated": "2024-08-07T13:42:33.371Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-3223 (GCVE-0-2006-3223)

    Vulnerability from nvd – Published: 2006-06-27 21:00 – Updated: 2024-08-07 18:23
    VLAI
    Summary
    Format string vulnerability in CA Integrated Threat Management (ITM), eTrust Antivirus (eAV), and eTrust PestPatrol (ePP) r8 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a scan job with format strings in the description field.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/18689 vdb-entryx_refsource_BID
    http://lists.grok.org.uk/pipermail/full-disclosur… mailing-listx_refsource_FULLDISC
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/archive/1/438503/100… mailing-listx_refsource_BUGTRAQ
    http://www3.ca.com/securityadvisor/vulninfo/vuln.… x_refsource_CONFIRM
    http://secunia.com/advisories/20856 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2006/2565 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/archive/1/438582/100… mailing-listx_refsource_BUGTRAQ
    http://www.osvdb.org/26654 vdb-entryx_refsource_OSVDB
    http://securitytracker.com/id?1016391 vdb-entryx_refsource_SECTRACK
    Date Public
    2006-06-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T18:23:21.175Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "18689",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/18689"
              },
              {
                "name": "20060627 CAID 34325 - CA ITM, eAV, ePP scan job description field format string vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047423.html"
              },
              {
                "name": "ca-scan-job-description-format-string(27374)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27374"
              },
              {
                "name": "20060627 CAID 34325 - CA ITM, eAV, ePP scan job description field format string vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/438503/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34325"
              },
              {
                "name": "20856",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/20856"
              },
              {
                "name": "ADV-2006-2565",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/2565"
              },
              {
                "name": "20060628 Layered Defense Advisory: Format String Vuln in CA eTrust",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/438582/100/0/threaded"
              },
              {
                "name": "26654",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/26654"
              },
              {
                "name": "1016391",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1016391"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-06-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Format string vulnerability in CA Integrated Threat Management (ITM), eTrust Antivirus (eAV), and eTrust PestPatrol (ePP) r8 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a scan job with format strings in the description field."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-18T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "18689",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/18689"
            },
            {
              "name": "20060627 CAID 34325 - CA ITM, eAV, ePP scan job description field format string vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047423.html"
            },
            {
              "name": "ca-scan-job-description-format-string(27374)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27374"
            },
            {
              "name": "20060627 CAID 34325 - CA ITM, eAV, ePP scan job description field format string vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/438503/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34325"
            },
            {
              "name": "20856",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/20856"
            },
            {
              "name": "ADV-2006-2565",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/2565"
            },
            {
              "name": "20060628 Layered Defense Advisory: Format String Vuln in CA eTrust",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/438582/100/0/threaded"
            },
            {
              "name": "26654",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/26654"
            },
            {
              "name": "1016391",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1016391"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-3223",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Format string vulnerability in CA Integrated Threat Management (ITM), eTrust Antivirus (eAV), and eTrust PestPatrol (ePP) r8 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a scan job with format strings in the description field."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "18689",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/18689"
                },
                {
                  "name": "20060627 CAID 34325 - CA ITM, eAV, ePP scan job description field format string vulnerability",
                  "refsource": "FULLDISC",
                  "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047423.html"
                },
                {
                  "name": "ca-scan-job-description-format-string(27374)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27374"
                },
                {
                  "name": "20060627 CAID 34325 - CA ITM, eAV, ePP scan job description field format string vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/438503/100/0/threaded"
                },
                {
                  "name": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34325",
                  "refsource": "CONFIRM",
                  "url": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34325"
                },
                {
                  "name": "20856",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/20856"
                },
                {
                  "name": "ADV-2006-2565",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/2565"
                },
                {
                  "name": "20060628 Layered Defense Advisory: Format String Vuln in CA eTrust",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/438582/100/0/threaded"
                },
                {
                  "name": "26654",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/26654"
                },
                {
                  "name": "1016391",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1016391"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-3223",
        "datePublished": "2006-06-27T21:00:00.000Z",
        "dateReserved": "2006-06-25T00:00:00.000Z",
        "dateUpdated": "2024-08-07T18:23:21.175Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-2864 (GCVE-0-2007-2864)

    Vulnerability from cvelistv5 – Published: 2007-06-06 21:00 – Updated: 2024-08-07 13:57
    VLAI
    Summary
    Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a large invalid value of the coffFiles field in a .CAB file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/24330 vdb-entryx_refsource_BID
    http://www.securityfocus.com/archive/1/470602/100… mailing-listx_refsource_BUGTRAQ
    http://supportconnectw.ca.com/public/antivirus/in… x_refsource_CONFIRM
    http://www.kb.cert.org/vuls/id/105105 third-party-advisoryx_refsource_CERT-VN
    http://www.vupen.com/english/advisories/2007/2072 vdb-entryx_refsource_VUPEN
    http://www.zerodayinitiative.com/advisories/ZDI-0… x_refsource_MISC
    http://www.securityfocus.com/archive/1/470754/100… mailing-listx_refsource_BUGTRAQ
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securitytracker.com/id?1018199 vdb-entryx_refsource_SECTRACK
    http://www.osvdb.org/35245 vdb-entryx_refsource_OSVDB
    http://secunia.com/advisories/25570 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2007-06-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T13:57:54.318Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "24330",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/24330"
              },
              {
                "name": "20070605 ZDI-07-035: CA Multiple Product AV Engine CAB Header Parsing Stack Overflow Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/470602/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securitynotice.asp"
              },
              {
                "name": "VU#105105",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/105105"
              },
              {
                "name": "ADV-2007-2072",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/2072"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-035.html"
              },
              {
                "name": "20070607 [CAID 35395, 35396]: CA Anti-Virus Engine CAB File Buffer Overflow Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/470754/100/0/threaded"
              },
              {
                "name": "ca-multiple-antivirus-cofffiles-bo(34737)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34737"
              },
              {
                "name": "1018199",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1018199"
              },
              {
                "name": "35245",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/35245"
              },
              {
                "name": "25570",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25570"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-06-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a large invalid value of the coffFiles field in a .CAB file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "24330",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/24330"
            },
            {
              "name": "20070605 ZDI-07-035: CA Multiple Product AV Engine CAB Header Parsing Stack Overflow Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/470602/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securitynotice.asp"
            },
            {
              "name": "VU#105105",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/105105"
            },
            {
              "name": "ADV-2007-2072",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/2072"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-035.html"
            },
            {
              "name": "20070607 [CAID 35395, 35396]: CA Anti-Virus Engine CAB File Buffer Overflow Vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/470754/100/0/threaded"
            },
            {
              "name": "ca-multiple-antivirus-cofffiles-bo(34737)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34737"
            },
            {
              "name": "1018199",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1018199"
            },
            {
              "name": "35245",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/35245"
            },
            {
              "name": "25570",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25570"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-2864",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a large invalid value of the coffFiles field in a .CAB file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "24330",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/24330"
                },
                {
                  "name": "20070605 ZDI-07-035: CA Multiple Product AV Engine CAB Header Parsing Stack Overflow Vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/470602/100/0/threaded"
                },
                {
                  "name": "http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securitynotice.asp",
                  "refsource": "CONFIRM",
                  "url": "http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securitynotice.asp"
                },
                {
                  "name": "VU#105105",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/105105"
                },
                {
                  "name": "ADV-2007-2072",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/2072"
                },
                {
                  "name": "http://www.zerodayinitiative.com/advisories/ZDI-07-035.html",
                  "refsource": "MISC",
                  "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-035.html"
                },
                {
                  "name": "20070607 [CAID 35395, 35396]: CA Anti-Virus Engine CAB File Buffer Overflow Vulnerabilities",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/470754/100/0/threaded"
                },
                {
                  "name": "ca-multiple-antivirus-cofffiles-bo(34737)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34737"
                },
                {
                  "name": "1018199",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1018199"
                },
                {
                  "name": "35245",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/35245"
                },
                {
                  "name": "25570",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25570"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-2864",
        "datePublished": "2007-06-06T21:00:00.000Z",
        "dateReserved": "2007-05-24T00:00:00.000Z",
        "dateUpdated": "2024-08-07T13:57:54.318Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-2523 (GCVE-0-2007-2523)

    Vulnerability from cvelistv5 – Published: 2007-05-11 03:55 – Updated: 2024-08-07 13:42
    VLAI
    Summary
    CA Anti-Virus for the Enterprise r8 and Threat Manager r8 before 20070510 use weak permissions (NULL security descriptor) for the Task Service shared file mapping, which allows local users to modify this mapping and gain privileges by triggering a stack-based buffer overflow in InoCore.dll before 8.0.448.0.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://supportconnectw.ca.com/public/antivirus/in… x_refsource_CONFIRM
    http://www.securitytracker.com/id?1018043 vdb-entryx_refsource_SECTRACK
    http://blog.48bits.com/?p=103 x_refsource_MISC
    http://www.vupen.com/english/advisories/2007/1750 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/bid/23906 vdb-entryx_refsource_BID
    http://www.kb.cert.org/vuls/id/788416 third-party-advisoryx_refsource_CERT-VN
    http://www.osvdb.org/34586 vdb-entryx_refsource_OSVDB
    http://secunia.com/advisories/25202 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/archive/1/468306/100… mailing-listx_refsource_BUGTRAQ
    http://labs.idefense.com/intelligence/vulnerabili… third-party-advisoryx_refsource_IDEFENSE
    http://lists.grok.org.uk/pipermail/full-disclosur… mailing-listx_refsource_FULLDISC
    Date Public
    2007-05-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T13:42:33.371Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://supportconnectw.ca.com/public/antivirus/infodocs/caav-secnotice050807.asp"
              },
              {
                "name": "1018043",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1018043"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://blog.48bits.com/?p=103"
              },
              {
                "name": "ADV-2007-1750",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/1750"
              },
              {
                "name": "23906",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/23906"
              },
              {
                "name": "VU#788416",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/788416"
              },
              {
                "name": "34586",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/34586"
              },
              {
                "name": "25202",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25202"
              },
              {
                "name": "20070511 Computer Associates eTrust InoTask.exe Antivirus Buffer Overflow Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/468306/100/0/threaded"
              },
              {
                "name": "20070509 Computer Associates eTrust InoTask.exe Antivirus Buffer Overflow Vulnerability",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_IDEFENSE",
                  "x_transferred"
                ],
                "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=530"
              },
              {
                "name": "20050711 [CAID 35330, 35331]: CA Anti-Virus, CA Threat Manager, and CA Anti-Spyware Console Login and File Mapping Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/063275.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-05-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "CA Anti-Virus for the Enterprise r8 and Threat Manager r8 before 20070510 use weak permissions (NULL security descriptor) for the Task Service shared file mapping, which allows local users to modify this mapping and gain privileges by triggering a stack-based buffer overflow in InoCore.dll before 8.0.448.0."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://supportconnectw.ca.com/public/antivirus/infodocs/caav-secnotice050807.asp"
            },
            {
              "name": "1018043",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1018043"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://blog.48bits.com/?p=103"
            },
            {
              "name": "ADV-2007-1750",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/1750"
            },
            {
              "name": "23906",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/23906"
            },
            {
              "name": "VU#788416",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/788416"
            },
            {
              "name": "34586",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/34586"
            },
            {
              "name": "25202",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25202"
            },
            {
              "name": "20070511 Computer Associates eTrust InoTask.exe Antivirus Buffer Overflow Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/468306/100/0/threaded"
            },
            {
              "name": "20070509 Computer Associates eTrust InoTask.exe Antivirus Buffer Overflow Vulnerability",
              "tags": [
                "third-party-advisory",
                "x_refsource_IDEFENSE"
              ],
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=530"
            },
            {
              "name": "20050711 [CAID 35330, 35331]: CA Anti-Virus, CA Threat Manager, and CA Anti-Spyware Console Login and File Mapping Vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/063275.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-2523",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "CA Anti-Virus for the Enterprise r8 and Threat Manager r8 before 20070510 use weak permissions (NULL security descriptor) for the Task Service shared file mapping, which allows local users to modify this mapping and gain privileges by triggering a stack-based buffer overflow in InoCore.dll before 8.0.448.0."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://supportconnectw.ca.com/public/antivirus/infodocs/caav-secnotice050807.asp",
                  "refsource": "CONFIRM",
                  "url": "http://supportconnectw.ca.com/public/antivirus/infodocs/caav-secnotice050807.asp"
                },
                {
                  "name": "1018043",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1018043"
                },
                {
                  "name": "http://blog.48bits.com/?p=103",
                  "refsource": "MISC",
                  "url": "http://blog.48bits.com/?p=103"
                },
                {
                  "name": "ADV-2007-1750",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/1750"
                },
                {
                  "name": "23906",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/23906"
                },
                {
                  "name": "VU#788416",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/788416"
                },
                {
                  "name": "34586",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/34586"
                },
                {
                  "name": "25202",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25202"
                },
                {
                  "name": "20070511 Computer Associates eTrust InoTask.exe Antivirus Buffer Overflow Vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/468306/100/0/threaded"
                },
                {
                  "name": "20070509 Computer Associates eTrust InoTask.exe Antivirus Buffer Overflow Vulnerability",
                  "refsource": "IDEFENSE",
                  "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=530"
                },
                {
                  "name": "20050711 [CAID 35330, 35331]: CA Anti-Virus, CA Threat Manager, and CA Anti-Spyware Console Login and File Mapping Vulnerabilities",
                  "refsource": "FULLDISC",
                  "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/063275.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-2523",
        "datePublished": "2007-05-11T03:55:00.000Z",
        "dateReserved": "2007-05-08T00:00:00.000Z",
        "dateUpdated": "2024-08-07T13:42:33.371Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-3223 (GCVE-0-2006-3223)

    Vulnerability from cvelistv5 – Published: 2006-06-27 21:00 – Updated: 2024-08-07 18:23
    VLAI
    Summary
    Format string vulnerability in CA Integrated Threat Management (ITM), eTrust Antivirus (eAV), and eTrust PestPatrol (ePP) r8 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a scan job with format strings in the description field.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/18689 vdb-entryx_refsource_BID
    http://lists.grok.org.uk/pipermail/full-disclosur… mailing-listx_refsource_FULLDISC
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/archive/1/438503/100… mailing-listx_refsource_BUGTRAQ
    http://www3.ca.com/securityadvisor/vulninfo/vuln.… x_refsource_CONFIRM
    http://secunia.com/advisories/20856 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2006/2565 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/archive/1/438582/100… mailing-listx_refsource_BUGTRAQ
    http://www.osvdb.org/26654 vdb-entryx_refsource_OSVDB
    http://securitytracker.com/id?1016391 vdb-entryx_refsource_SECTRACK
    Date Public
    2006-06-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T18:23:21.175Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "18689",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/18689"
              },
              {
                "name": "20060627 CAID 34325 - CA ITM, eAV, ePP scan job description field format string vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047423.html"
              },
              {
                "name": "ca-scan-job-description-format-string(27374)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27374"
              },
              {
                "name": "20060627 CAID 34325 - CA ITM, eAV, ePP scan job description field format string vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/438503/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34325"
              },
              {
                "name": "20856",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/20856"
              },
              {
                "name": "ADV-2006-2565",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/2565"
              },
              {
                "name": "20060628 Layered Defense Advisory: Format String Vuln in CA eTrust",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/438582/100/0/threaded"
              },
              {
                "name": "26654",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/26654"
              },
              {
                "name": "1016391",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1016391"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-06-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Format string vulnerability in CA Integrated Threat Management (ITM), eTrust Antivirus (eAV), and eTrust PestPatrol (ePP) r8 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a scan job with format strings in the description field."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-18T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "18689",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/18689"
            },
            {
              "name": "20060627 CAID 34325 - CA ITM, eAV, ePP scan job description field format string vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047423.html"
            },
            {
              "name": "ca-scan-job-description-format-string(27374)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27374"
            },
            {
              "name": "20060627 CAID 34325 - CA ITM, eAV, ePP scan job description field format string vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/438503/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34325"
            },
            {
              "name": "20856",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/20856"
            },
            {
              "name": "ADV-2006-2565",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/2565"
            },
            {
              "name": "20060628 Layered Defense Advisory: Format String Vuln in CA eTrust",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/438582/100/0/threaded"
            },
            {
              "name": "26654",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/26654"
            },
            {
              "name": "1016391",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1016391"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-3223",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Format string vulnerability in CA Integrated Threat Management (ITM), eTrust Antivirus (eAV), and eTrust PestPatrol (ePP) r8 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a scan job with format strings in the description field."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "18689",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/18689"
                },
                {
                  "name": "20060627 CAID 34325 - CA ITM, eAV, ePP scan job description field format string vulnerability",
                  "refsource": "FULLDISC",
                  "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047423.html"
                },
                {
                  "name": "ca-scan-job-description-format-string(27374)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27374"
                },
                {
                  "name": "20060627 CAID 34325 - CA ITM, eAV, ePP scan job description field format string vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/438503/100/0/threaded"
                },
                {
                  "name": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34325",
                  "refsource": "CONFIRM",
                  "url": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34325"
                },
                {
                  "name": "20856",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/20856"
                },
                {
                  "name": "ADV-2006-2565",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/2565"
                },
                {
                  "name": "20060628 Layered Defense Advisory: Format String Vuln in CA eTrust",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/438582/100/0/threaded"
                },
                {
                  "name": "26654",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/26654"
                },
                {
                  "name": "1016391",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1016391"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-3223",
        "datePublished": "2006-06-27T21:00:00.000Z",
        "dateReserved": "2006-06-25T00:00:00.000Z",
        "dateUpdated": "2024-08-07T18:23:21.175Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }