CA Antivirus engine CAB handling buffer overflow

2007-06-07T00:00:00
ID SAINT:B33B0E8F384AB4799CD68321286D6D61
Type saint
Reporter SAINT Corporation
Modified 2007-06-07T00:00:00

Description

Added: 06/07/2007
CVE: CVE-2007-2864
BID: 24330
OSVDB: 35245

Background

The CA Antivirus engine is included in multiple CA products.

Problem

A buffer overflow vulnerability in the CA Antivirus engine allows command execution when a CAB file containing a specially crafted "coffFiles" field is scanned.
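The advisory does not describe the flawed code path, so the following is an added example, not CA's fix and not code from the advisory: a header sanity check showing the kind of bounds validation a CAB parser needs on "coffFiles" (the CFHEADER offset of the first CFFILE entry) before using it. The field layout follows the Microsoft Cabinet format; check_cab_header and build_sample are hypothetical names, and the sample cabinet is constructed.

```python
import struct

# Fixed part of CFHEADER in the Microsoft Cabinet format (36 bytes, little-endian).
CFHEADER = struct.Struct("<4sIIIIIBBHHHHH")
CFFOLDER_MIN = 8    # coffCabStart, cCFData, typeCompress
CFFILE_MIN = 17     # 16 fixed bytes plus at least the name's NUL terminator


def check_cab_header(data: bytes) -> list:
    """Return the problems found in the cabinet header; an empty list means it passed."""
    if len(data) < CFHEADER.size:
        return ["truncated: shorter than CFHEADER"]
    (sig, _r1, cb_cabinet, _r2, coff_files, _r3, _vminor, _vmajor,
     c_folders, c_files, _flags, _set_id, _i_cab) = CFHEADER.unpack_from(data)
    if sig != b"MSCF":
        return ["bad signature: not a cabinet"]
    problems = []
    if cb_cabinet > len(data):
        problems.append("cbCabinet %d exceeds the %d bytes present" % (cb_cabinet, len(data)))
    limit = min(cb_cabinet, len(data))
    # CFFILE entries come after the header and every CFFOLDER entry.
    lowest = CFHEADER.size + CFFOLDER_MIN * c_folders
    if coff_files < lowest:
        problems.append("coffFiles %d points inside header/folder area (< %d)" % (coff_files, lowest))
    # All cFiles entries must fit between coffFiles and the end of the cabinet.
    if coff_files + CFFILE_MIN * c_files > limit:
        problems.append("coffFiles %d + %d entries runs past end (%d)" % (coff_files, c_files, limit))
    return problems


def build_sample(coff_files=None) -> bytes:
    """Constructed one-folder, one-file cabinet skeleton; coff_files overrides the field."""
    folder = struct.pack("<IHH", 0, 0, 0)
    entry = struct.pack("<IIHHHH", 0, 0, 0, 0, 0, 0x20) + b"a.txt\x00"
    real_off = CFHEADER.size + len(folder)
    total = real_off + len(entry)
    off = real_off if coff_files is None else coff_files
    header = CFHEADER.pack(b"MSCF", 0, total, 0, off, 0, 3, 1, 1, 1, 0, 0, 0)
    return header + folder + entry


if __name__ == "__main__":
    for label, blob in [("well-formed", build_sample()), ("bad offset", build_sample(0xFFFFFFF0))]:
        print(label, check_cab_header(blob) or "ok")
```

A check like this only rejects structurally impossible offsets; it does not replace the content update named under Resolution.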

Resolution

Apply content update 30.6 as described in the CA Security Notice.

References

<http://www.zerodayinitiative.com/advisories/ZDI-07-035.html>

Limitations

Exploit works on CA eTrust Antivirus 8.1.637 and requires a user to download and open the exploit file.

Platforms

Windows