virus logo Intrusion Prevention

CA.AV.Engine.CAB.Header.Parsing.Buffer.Overflow

description-logoDescription

This indicates an attempt to exploit a buffer overflow vulnerability in the anti-virus engine used in several CA products.
The vulnerability is a stack based buffer overflow vulnerability in CA anti-virus engines before content update 30.6. It can be triggered by a large invalid value in the "coffFiles" field in a .CAB file header. A remote attacker can crash the application and may also be able to execute arbitrary code on the system with the privileges of the victim.

affected-products-logoAffected Products

CA Anti-Virus for the Enterprise (eTrust Antivirus) r8
CA Anti-Virus for the Enterprise (eTrust Antivirus) r8.1
CA Anti-Virus 2007 (v8)
CA Anti-Virus SDK (eTrust Anti-Virus SDK)
CA Common Services
CA eTrust EZ Antivirus r7
CA eTrust EZ Antivirus r6.1
CA eTrust Internet Security Suite r1
CA eTrust Internet Security Suite r2
CA eTrust EZ Armor r1
CA eTrust EZ Armor r2
CA eTrust EZ Armor r3.x
CA Threat Manager for the Enterprise (eTrust Integrated Threat Management) r8
CA Protection Suites r2
CA Protection Suites r3
CA Internet Security Suite 2007 (v3)
CA Secure Content Manager (eTrust Secure Content Manager) 8.0
CA Anti-Virus Gateway (eTrust Antivirus eTrust Antivirus Gateway) 7.1
CA Unicenter Network and Systems Management (NSM) r3.0
CA Unicenter Network and Systems Management (NSM) r3.1
CA Unicenter Network and Systems Management (NSM) r11
CA Unicenter Network and Systems Management (NSM) r11.1
CA BrightStor ARCserve Backup r11.5
CA BrightStor ARCserve Backup r11.1
CA BrightStor ARCserve Backup r11 for Windows
CA BrightStor Enterprise Backup r10.5
CA BrightStor ARCserve Backup 9.01

Impact logoImpact

System compromise: remote code execution.
Denial of service.

recomended-action-logoRecommended Actions

Apply patch version 30.6, available from the Web site.

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)
ID 14757
Created Jul 09, 2007
Updated Nov 08, 2021
Risk black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon
CVE ID CVE-2007-2864
Exploit Prediction Score 95.04%
Default Action drop
Active
Affected OS Windows
Affected App CA