CVE-2007-2523
Published 2007-05-11
Priority: P335, high, 7.2 (CVSS 2.0)
AV:L/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 1.38% (68.7th percentile)
CA Anti-Virus for the Enterprise r8 and Threat Manager r8 before 20070510 use weak permissions (NULL security descriptor) for the Task Service shared file mapping, which allows local users to modify this mapping and gain privileges by triggering a stack-based buffer overflow in InoCore.dll before 8.0.448.0.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| broadcom | integrated_threat_management | — | — |
| ca | anti-virus_for_the_enterprise | — | — |
No detection rules found.
Exploit-DB
Microsoft Excel 2007/2010/2013 - BIFFRecord Use-After-Free
exploitdb·2015-09-16
CVE-2015-2523 Microsoft Excel 2007/2010/2013 - BIFFRecord Use-After-Free
---
Source: https://code.google.com/p/google-security-research/issues/detail?id=462
The following crash was observed in Microsoft Excel 2007 running on Windows 2003 R2. This crash was also reproduced in Microsoft Excel 2010 on Windows 7 x86 and Microsoft Excel 2013 on Windows 8.1 x86. The test environment was Excel 2007 on Windows 2003 R2 with application verifier basic checks enabled.
Attached files:
Original File: 683709058_orig.xls
Crashing File: 683709058_crash.xls
Minimized Crashing File: 683709058_min.xls
The minimized crashing file shows two deltas from the original. The first at offset 0x237 is in the data of the 4th BIFFRecord and the second delta at offset 0x34a5 is in the type field of a BIFFRecord.
File versions:
Exploit-DB
CA (Multiple Products) - Console Server / 'InoCore.dll' Remote Code Execution
exploitdb·2007-05-09
CVE-2007-2523 CA (Multiple Products) - Console Server / 'InoCore.dll' Remote Code Execution
---
// source: https://www.securityfocus.com/bid/23906/info
Multiple products by Computer Associates are prone to multiple vulnerabilities that will allow remote attackers to execute arbitrary code on an affected computer.
Successful exploits will allow attacker-supplied arbitrary code to run within the context of the affected server. Failed exploit attempts will likely cause denial-of-service conditions.
/*
| 48Bits Advisory -=- Privilege Elevation in eTrust Antivirus Agent r8 |
Affected versions :
I have tested with:
- eTrust Antivirus Agent r8 - http://www3.ca.com/solutions/Product.aspx?ID=156
(With INOCORE.DLL 8.0.403.0) under XPSP2 and W2KSP4)
Description :
eTrust Antivirus r8 is prone to a stack-b
No writeups or analysis indexed.
http://blog.48bits.com/?p=103
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=530
http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/063275.html
http://secunia.com/advisories/25202
http://supportconnectw.ca.com/public/antivirus/infodocs/caav-secnotice050807.asp
http://www.kb.cert.org/vuls/id/788416
http://www.osvdb.org/34586
http://www.securityfocus.com/archive/1/468306/100/0/threaded
http://www.securityfocus.com/bid/23906
http://www.securitytracker.com/id?1018043
http://www.vupen.com/english/advisories/2007/1750