CVE-2007-2523: Buffer Overflow
First published: Fri May 11 2007(Updated: )
CA Anti-Virus for the Enterprise r8 and Threat Manager r8 before 20070510 use weak permissions (NULL security descriptor) for the Task Service shared file mapping, which allows local users to modify this mapping and gain privileges by triggering a stack-based buffer overflow in InoCore.dll before 8.0.448.0.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| CA Anti-Virus for the Enterprise | =8 | |
| Broadcom Integrated Threat Management | =8.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=530
- http://supportconnectw.ca.com/public/antivirus/infodocs/caav-secnotice050807.asp
- http://www.securityfocus.com/bid/23906
- http://blog.48bits.com/?p=103
- http://www.kb.cert.org/vuls/id/788416
- http://www.securitytracker.com/id?1018043
- http://secunia.com/advisories/25202
- http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/063275.html
- http://www.osvdb.org/34586
- http://www.vupen.com/english/advisories/2007/1750
- http://www.securityfocus.com/archive/1/468306/100/0/threaded
- collector/nvd-historical
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/type
- agent/description
- agent/event
- agent/last-modified-date
- agent/remedy
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/ca
- canonical/ca anti-virus for the enterprise
- version/ca anti-virus for the enterprise/8
- vendor/broadcom
- canonical/broadcom integrated threat management
- version/broadcom integrated threat management/8.0