The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of CA Anti-Virus, eTrust: buffer overflows via CAB archives

Synthesis of the vulnerability 

An attacker can create a malicious CAB archive in order to generate two overflows in Computer Associates antiviruses.
Impacted products: CA Antivirus, e-Trust Antivirus.
Severity of this bulletin: 3/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 06/06/2007.
References of this threat: BID-24330, BID-24331, CERTA-2007-AVI-252, CVE-2007-2863, CVE-2007-2864, VIGILANCE-VUL-6885, VU#105105, VU#739409, ZDI-07-034, ZDI-07-035.

Description of the vulnerability 

When a CAB archive contains a file with a long name, an overflow occurs in vete.dll. [severity:3/4; BID-24331, CERTA-2007-AVI-252, CVE-2007-2863, VU#739409, ZDI-07-034]

When the "coffFiles" field of a CAB archive contains a file with a long name, an overflow occurs. [severity:3/4; BID-24330, CVE-2007-2864, VU#105105, ZDI-07-035]

Both overflows can lead to code execution.
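
As an added example (not code from this bulletin or from CA), here is a structural pre-scan check on the two CAB fields named above: it rejects a "coffFiles" offset that points outside the archive and any file name longer than a fixed limit. The bulletin does not give the vulnerable buffer sizes, so the 256-byte limit, the function names and the sample archives are assumptions constructed for illustration.

```python
import struct

# CAB on-disk layout (little-endian): CFHEADER is 36 bytes, each CFFILE
# entry is 16 fixed bytes followed by a NUL-terminated file name.
CFHEADER = struct.Struct("<4sIIIIIBBHHHHH")
CFFILE = struct.Struct("<IIHHHH")
MAX_NAME = 256  # assumed policy limit for this example, not taken from the bulletin


def check_cab(data, max_name=MAX_NAME):
    """Return a list of findings; an empty list means the entries look sane."""
    if len(data) < CFHEADER.size:
        return ["truncated header"]
    fields = CFHEADER.unpack_from(data)
    sig, coff_files, c_files = fields[0], fields[4], fields[9]
    if sig != b"MSCF":
        return ["not a CAB archive"]
    # coffFiles is the offset of the first CFFILE entry; it must lie past
    # the header and inside the bytes we actually hold.
    if coff_files < CFHEADER.size or coff_files >= len(data):
        return ["coffFiles outside archive"]
    findings = []
    pos = coff_files
    for i in range(c_files):
        start = pos + CFFILE.size
        if start > len(data):
            findings.append(f"file {i}: truncated entry")
            break
        # Bounded search: never look further than max_name bytes for the NUL.
        end = data.find(b"\0", start, start + max_name + 1)
        if end == -1:
            findings.append(f"file {i}: name longer than {max_name} bytes or unterminated")
            break
        pos = end + 1
    return findings


def build_sample(name, coff_files=CFHEADER.size):
    """Constructed test input: header plus one CFFILE entry, no folder data."""
    body = CFFILE.pack(0, 0, 0, 0, 0, 0) + name + b"\0"
    header = CFHEADER.pack(b"MSCF", 0, CFHEADER.size + len(body), 0,
                           coff_files, 0, 3, 1, 0, 1, 0, 0, 0)
    return header + body


if __name__ == "__main__":
    for label, blob in [("normal", build_sample(b"readme.txt")),
                        ("long name", build_sample(b"A" * 300)),
                        ("bad coffFiles", build_sample(b"a.txt", 0xFFFF))]:
        print(label, "->", check_cab(blob) or "ok")
```

A gateway or mail filter could quarantine any archive for which check_cab returns findings before it reaches an unpatched scanning engine.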

This security weakness impacts software or systems such as CA Antivirus, e-Trust Antivirus.

Our Vigil@nce team determined that the severity of this threat bulletin is important.

The trust level is "confirmed by a trusted third party", and the origin of the information is a document.

This bulletin is about 2 vulnerabilities.

A proof of concept or an attack tool is available, so your teams have to process this alert. An attacker with technician-level skill can exploit this threat.

Solutions for this threat 

CA Anti-Virus, eTrust: update 30.6.
Update 30.6 is available.
