Signature Detail

HTTP: CA Multiple Product AV Engine CAB Header Parsing Stack Overflow

There exists a stack-based buffer overflow vulnerability in multiple Computer Associates products. The vulnerability exists in the component that processes CAB files. A remote unauthenticated attacker can exploit the vulnerability causing a denial of service condition or the execution of arbitrary code on the target system through delivering a specially crafted CAB file to the target. In an attack case where code injection is not successful, the affected application will terminate abnormally. In a more sophisticated attack where code injection results is successful, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the affected application, normally

Extended Description

Multiple Computer Associates products are prone to a remote stack-based buffer-overflow vulnerability because the scan engine fails to properly bounds-check user-supplied data before copying it to an insufficiently sized buffer. A successful exploit will allow an attacker to execute arbitrary code with SYSTEM-level privileges.

Affected Products

• Computer Associates Anti-Virus 2007 8
• Computer Associates Anti-Virus SDK
• Computer Associates BrightStor ARCServe Backup 10.5
• Computer Associates BrightStor ARCServe Backup 11
• Computer Associates BrightStor ARCServe Backup 11.1.0
• Computer Associates BrightStor ARCServe Backup 11.5.0
• Computer Associates BrightStor ARCServe Backup 9.01
• Computer Associates Common Services 1.0.0
• Computer Associates Common Services 1.1.0
• Computer Associates Common Services 2.0.0
• Computer Associates Common Services 2.1.0
• Computer Associates Common Services 2.2.0
• Computer Associates Common Services 3.0.0
• Computer Associates eTrust Antivirus r8
• Computer Associates eTrust Antivirus r8.1
• Computer Associates eTrust Antivirus for the Gateway 7.1.0
• Computer Associates eTrust EZ Antivirus 6.1.0
• Computer Associates eTrust EZ Antivirus 7.0.0
• Computer Associates eTrust EZ Armor 1.0.0
• Computer Associates eTrust EZ Armor 2.0.0
• Computer Associates eTrust EZ Armor 3.0.0
• Computer Associates eTrust EZ Armor 3.1.0
• Computer Associates eTrust Secure Content Manager 8.0.0
• Computer Associates Integrated Threat Management r8
• Computer Associates Internet Security Suite 1.0
• Computer Associates Internet Security Suite 2.0
• Computer Associates Internet Security Suite 2007 3.0
• Computer Associates Protection Suites r3
• Computer Associates Protection Suites r2
• Computer Associates Unicenter Network and Systems Management 11
• Computer Associates Unicenter Network and Systems Management 11.1
• Computer Associates Unicenter Network and Systems Management 3.0.0
• Computer Associates Unicenter Network and Systems Management 3.1.0

References

• BugTraq: 24330
• CVE: CVE-2007-2864