Strix
26.1K

CVE-2007-2864

UnknownEPSS 49.65%

Last modified

CVE-2007-2864 is a vulnerability of currently unknown severity. Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a large invalid value of the coffFiles field in a .CAB file.. EPSS estimates a 49.65% chance of exploitation in the next 30 days.

Description

Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a large invalid value of the coffFiles field in a .CAB file.

Metrics

EPSS Probability
49.65%

98.7th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

VendorProductVersions
BroadcomAnti-Virus For The Enterprise8
BroadcomBrightstor Arcserve Backup9.01
BroadcomBrightstor Arcserve Backup10.5
BroadcomBrightstor Arcserve Backup11
BroadcomBrightstor Arcserve Backup11.1
BroadcomBrightstor Arcserve Backup11.5
BroadcomCommon Services1.0
BroadcomCommon Services1.1
BroadcomCommon Services2.0
BroadcomCommon Services2.1
BroadcomCommon Services2.2
BroadcomCommon Services3.0
BroadcomEtrust Antivirus8.0
BroadcomEtrust Antivirus8.1
BroadcomEtrust Antivirus Gateway7.1
BroadcomEtrust Antivirus SdkAll versions
BroadcomEtrust Ez Antivirus6.1
BroadcomEtrust Ez Antivirus7.0
BroadcomEtrust Ez Armor1.0
BroadcomEtrust Ez Armor2.0
BroadcomEtrust Ez Armor3.0
BroadcomEtrust Ez Armor3.1
BroadcomIntegrated Threat Management8.0
BroadcomInternet Security Suite1.0
BroadcomInternet Security Suite2.0
BroadcomInternet Security Suite3.0
BroadcomUnicenter Network And Systems Management3.0
BroadcomUnicenter Network And Systems Management3.1
BroadcomUnicenter Network And Systems Management11
BroadcomUnicenter Network And Systems Management11.1
CaEtrust Secure Content Manager8.0
CaProtection Suitesr2
CaProtection Suitesr3

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2007-2864?
Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a large invalid value of the coffFiles field in a .CAB file.
How severe is CVE-2007-2864?
Severity scoring for CVE-2007-2864 is pending analysis. The EPSS model estimates a 49.65% probability of exploitation in the next 30 days.
How do I fix CVE-2007-2864?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2007-2864?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST