Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 9.0
CVE Id CVE-2007-4620
Last Modified 07 Mar 2011 09:58:53
Published 07 Apr 2008 02:44:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2007-4620

Summary

Multiple stack-based buffer overflows in Computer Associates (CA) Alert Notification Service (Alert.exe) 8.1.586.0, 8.0.450.0, and 7.1.758.0, as used in multiple CA products including Anti-Virus for the Enterprise 7.1 through r11.1 and Threat Manager for the Enterprise 8.1 and r8, allow remote authenticated users to execute arbitrary code via crafted RPC requests.

Vulnerable Systems

Application

  • CA Anti-Virus for the Enterprise 7.1

  • CA Anti-Virus for the Enterprise 8

  • CA Anti-Virus for the Enterprise 8.1

  • CA BrightStor ARCserve Backup 11

  • CA BrightStor ARCserve Backup 11.1

  • CA BrightStor ARCserve Backup 11.5

  • CA Threat Manager for the Enterprise r8

  • CA Threat Manager for the Enterprise r8.1


References

CONFIRM - https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=173103

XF - ca-alertnotificationserver-bo(41639)

VUPEN - ADV-2008-1103

SECTRACK - 1019790

SECTRACK - 1019789

BID - 28605

BUGTRAQ - 20080404 CA Alert Notification Server Multiple Vulnerabilities

SREASON - 3799

SECUNIA - 29665

IDEFENSE - 20080403 Computer Associates Alert Notification Service Multiple RPC Buffer Overflow Vulnerabilities

CONFIRM - http://community.ca.com/blogs/casecurityresponseblog/archive/2008/04/04/ca-alert-notification-server-multiple-vulnerabilities.aspx


Last Updated: 27 May 2016 10:45:54