CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
AI Score
Confidence
High
EPSS
Percentile
19.3%
CA Anti-Virus for the Enterprise r8 and Threat Manager r8 before 20070510 use weak permissions (NULL security descriptor) for the Task Service shared file mapping, which allows local users to modify this mapping and gain privileges by triggering a stack-based buffer overflow in InoCore.dll before 8.0.448.0.
Vendor | Product | Version | CPE |
---|---|---|---|
broadcom | integrated_threat_management | 8.0 | cpe:2.3:a:broadcom:integrated_threat_management:8.0:*:*:*:*:*:*:* |
ca | anti-virus_for_the_enterprise | 8 | cpe:2.3:a:ca:anti-virus_for_the_enterprise:8:*:enterprise:*:*:*:*:* |
blog.48bits.com/?p=103
labs.idefense.com/intelligence/vulnerabilities/display.php?id=530
lists.grok.org.uk/pipermail/full-disclosure/2007-May/063275.html
secunia.com/advisories/25202
supportconnectw.ca.com/public/antivirus/infodocs/caav-secnotice050807.asp
www.kb.cert.org/vuls/id/788416
www.osvdb.org/34586
www.securityfocus.com/archive/1/468306/100/0/threaded
www.securityfocus.com/bid/23906
www.securitytracker.com/id?1018043
www.vupen.com/english/advisories/2007/1750