Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-4620

CWE-119 — Buffer Overflow4 documents4 sources

Severity

9.0CRITICAL

EPSS

75.8%

top 1.09%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Broadcom Anti-virus FOR THE Enterprise Broadcom Brightstor Arcserve Backup CA Brightstor Arcserve Backup +1 more

Timeline

PublishedApr 7

Latest updateMay 1

Description

Multiple stack-based buffer overflows in Computer Associates (CA) Alert Notification Service (Alert.exe) 8.1.586.0, 8.0.450.0, and 7.1.758.0, as used in multiple CA products including Anti-Virus for the Enterprise 7.1 through r11.1 and Threat Manager for the Enterprise 8.1 and r8, allow remote authenticated users to execute arbitrary code via crafted RPC requests.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 8.0 | Impact: 10.0

Affected Packages4 packages

▶NVDca/threat_managerr8, r8.1+1

▶NVDbroadcom/anti-virus7.1, 8, 8.1+2

▶NVDca/brightstor_arcserve_backup11

▶NVDbroadcom/brightstor_arcserve_backup11.1, 11.5+1

🔴Vulnerability Details

GHSA

GHSA-2gp6-x3qj-wq4m: Multiple stack-based buffer overflows in Computer Associates (CA) Alert Notification Service (Alert↗2022-05-01

▶

CVEList

CVE-2007-4620: Multiple stack-based buffer overflows in Computer Associates (CA) Alert Notification Service (Alert↗2008-04-07

▶

💥Exploits & PoCs

Exploit-DB

Computer Associates - Alert Notification Buffer Overflow (Metasploit)↗2010-04-30

▶