{"vuid":"VU#105105","idnumber":"105105","name":"Computer Associates Anti-Virus engine fails to properly handle malformed CAB archives","keywords":["Computer Associates","Multiple Product AV Engine","stack-based buffer overflow","coffFiles field",".CAB archives"],"overview":"The Computer Associates Anti-Virus engine contains a stack-based buffer overflow that may allow a remote, unauthenticated attacker to execute arbitrary code.","clean_desc":"The Computer Associates Anti-Virus engine contains a stack-based buffer overflow in the code responsible for processing CAB archives. Specifically, the Computer Associates Anti-Virus engine fails to properly validate the size of the coffFiles field in CAB archives before it is copied to a stack buffer. This may allow a stack-based buffer overflow to occur. This vulnerability affects numerous Computer Associates products, including: CA Anti-Virus\neTrust EZ Antivirus\nCA Internet Security Suite 2007\neTrust Internet Security Suite\neTrust EZ Armor\nCA Threat Manager\nCA Protection Suites\nCA Secure Content Manager\nCA Anti-Virus Gateway\nUnicenter Network and Systems Management\nBrightStor ARCserve Backup\nCA Common Services\nCA Anti-Virus SDK (formerly eTrust Anti-Virus SDK)\nMore information is available in the Computer Associates Security Notice issued June 5th, 2007.","impact":"A remote, unauthenticated attacker may be able to execute arbitrary code or cause a denial-of-service condition.","resolution":"Apply an Update\nAccording to the Computer Associates Security Notice issued June 5th, 2007: CA has issued content update 30.6 to address the vulnerabilities. The updated engine is provided with content updates. 
Ensure the latest content update is installed if the signature version is less than version 30.6.","workarounds":"","sysaffected":"","thanks":"This vulnerability was reported by in Tipping Point advisory \nZDI-07-035","author":"This document was written by Jeff Gennari.","public":["http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securitynotice.asp","http://www.zerodayinitiative.com/advisories/ZDI-07-035.html","http://secunia.com/advisories/25570/"],"cveids":["CVE-2007-2864"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2007-06-06T17:06:35Z","publicdate":"2007-06-05T00:00:00Z","datefirstpublished":"2007-06-06T17:45:26Z","dateupdated":"2007-06-06T19:57:25Z","revision":12,"vrda_d1_directreport":"0","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"8","cam_exploitation":"0","cam_internetinfrastructure":"4","cam_population":"15","cam_impact":"20","cam_easeofexploitation":"15","cam_attackeraccessrequired":"15","cam_scorecurrent":"15.1875","cam_scorecurrentwidelyknown":"30.375","cam_scorecurrentwidelyknownexploited":"55.6875","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":15.1875,"vulnote":null}