Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-2864

4 documents4 sources

Severity

9.3CRITICAL

EPSS

80.3%

top 0.88%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Broadcom Anti-virus FOR THE Enterprise Broadcom Brightstor Arcserve Backup Broadcom Common Services +9 more

Timeline

PublishedJun 6

Latest updateMay 1

Description

Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a large invalid value of the coffFiles field in a .CAB file.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages12 packages

▶NVDbroadcom/anti-virus8

▶NVDbroadcom/etrust_antivirus8.0, 8.1+1

▶NVDbroadcom/etrust_ez_antivirus6.1, 7.0+1

▶NVDbroadcom/etrust_antivirus_gateway7.1

▶NVDca/etrust_secure_content_manager8.0

Patches

Patch: secunia.com ↗Patch: www.securityfocus.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-38wr-8jpj-263v: Stack-based buffer overflow in the Anti-Virus engine before content update 30↗2022-05-01

▶

CVEList

CVE-2007-2864: Stack-based buffer overflow in the Anti-Virus engine before content update 30↗2007-06-06

▶

💥Exploits & PoCs

Exploit-DB

CA AntiVirus Engine - CAB Buffer Overflow (Metasploit)↗2010-11-11

▶