CVE-2007-2522

Related Files

CA Security Advisory 35330

Posted May 12, 2007

Authored by Ken Williams, Computer Associates | Site www3.ca.com

CA Anti-Virus for the Enterprise, CA Threat Manager, and CA Anti-Spyware contain multiple vulnerabilities that can allow an attacker to cause a denial of service or possibly execute arbitrary code. CA has issued patches to address the vulnerabilities.

tags | advisory, denial of service, arbitrary, vulnerability, virus

advisories | CVE-2007-2522, CVE-2007-2523

SHA-256 | 8f199a847ae100657c96161091769e0883d36aa803d130e150619b62423ebc0c

Download | Favorite | View

Zero Day Initiative Advisory 07-028

Posted May 12, 2007

Authored by Tipping Point | Site zerodayinitiative.com

A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Computer Associates AntiVirus Server. User interaction is not required to exploit this vulnerability. The specific flaw exists in the authentication function of the inoweb service that listens by default on TCP port 12168. The function copies both the username and password into fixed-length stack buffers. If an attacker provides overly long values for these parameters, an exploitable buffer overflow occurs.

tags | advisory, overflow, arbitrary, tcp

advisories | CVE-2007-2522

SHA-256 | a8be26202c3fd0849525f67fc417ca50e0c9d00c859cb92d60e035fddb98e58b

Download | Favorite | View