Advisory Details

June 5th, 2007

CA Multiple Product AV Engine CAB Header Parsing Stack Overflow Vulnerability

ZDI-07-035
ZDI-CAN-154

CVE ID CVE-2007-2864
CVSS SCORE
AFFECTED VENDORS Computer Associates
AFFECTED PRODUCTS eTrust AntiVirus
VULNERABILITY DETAILS

This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of various Computer Associates products.

The specific flaw exists within the processing of an improperly defined "coffFiles" field in .CAB archives. Large values result in an unbounded data copy operation which can result in an exploitable stack-based buffer overflow.

ADDITIONAL DETAILS Computer Associates has issued an update to correct this vulnerability. More details can be found at:
http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securitynotice.asp
DISCLOSURE TIMELINE
  • 2007-02-16 - Vulnerability reported to vendor
  • 2007-06-05 - Coordinated public release of advisory
CREDIT Anonymous
BACK TO ADVISORIES