Lucene search
K
CaEtrust Secure Content Manager

15 matches found

CVE
CVE
added 2007/06/06 9:0 p.m.101 views

CVE-2007-2864

CVE-2007-2864 describes a stack-based buffer overflow in the Computer Associates (CA) Anti-Virus engine when processing CAB archives. The vulnerability exists in the CAB file handling prior to content update 30.6, allowing a remote attacker to execute arbitrary code by delivering a specially craf...

9.3CVSS7.7AI score0.49647EPSS
Web
CVE
CVE
added 2009/10/13 10:0 a.m.100 views

CVE-2009-3587

CA ARclib DoS vulnerabilities (CVE-2009-3587/3588) affect CA Anti-Virus for the Enterprise and related CA products; exploitation via crafted RAR archives can trigger heap or stack corruption and may lead to denial of service and possibly arbitrary code execution. Affected products listed include ...

9.3CVSS7.4AI score0.07605EPSS
CVE
CVE
added 2009/10/13 10:0 a.m.100 views

CVE-2009-3588

CVE-2009-3588 (and 3587) describe a DoS vulnerability in CA’s arclib component used by CA Anti-Virus for Enterprise and related CA products. A crafted RAR archive can trigger stack corruption (CVE-3588) and heap corruption (CVE-3587); CVE-3587 also notes possible arbitrary-code execution. Affecte...

4.3CVSS6.2AI score0.02394EPSS
CVE
CVE
added 2004/11/19 5:0 a.m.79 views

CVE-2004-0935

CVE-2004-0935 affects Eset Anti-Virus prior to 1.020. A ZIP archive with both local and global headers set to zero could bypass antivirus protection and allow a malicious file to be opened on the target system. PoC/proofs of concept code and advisories (e.g., iDEFENSE CAN references) document det...

7.5CVSS6.4AI score0.15059EPSS
CVE
CVE
added 2004/11/19 5:0 a.m.72 views

CVE-2004-0936

CVE-2004-0936 refers to a ZIP header manipulation vulnerability affecting anti-virus engines (notably RAV) where both local and global ZIP headers can be set to zero, allowing a compressed file to bypass protection and still be opened. The connected sources describe a proof-of-concept and public ...

7.5CVSS6.4AI score0.14785EPSS
CVE
CVE
added 2004/11/19 5:0 a.m.69 views

CVE-2004-0933

CVE-2004-0933 affects Computer Associates CA InoculateIT 6.0, eTrust Antivirus (r6.0–r7.1), eTrust Antivirus for the Gateway (r7.0–r7.1), eTrust Secure Content Manager, eTrust Intrusion Detection, EZ-Armor (2.0–2.4), and EZ-Antivirus (6.1–6.3). The issue is a ZIP header handling flaw that lets re...

7.5CVSS6.4AI score0.20691EPSS
CVE
CVE
added 2004/11/19 5:0 a.m.69 views

CVE-2004-0937

CVE-2004-0937 affects Sophos Anti-Virus prior to 3.87.0 and Sophos Anti-Virus for Windows 95/98/Me prior to 3.88.0. The issue allows remote attackers to bypass antivirus protection by delivering a ZIP archive whose local and global headers are set to zero, yet the archive can still be opened on t...

7.5CVSS6.4AI score0.14785EPSS
CVE
CVE
added 2004/11/19 5:0 a.m.67 views

CVE-2004-0932

The CVE-2004-0932 issue affects McAfee Anti-Virus Engine DATS drivers before 4398 (and the DATS Driver before 4397). A crafted ZIP archive with both local and global headers set to zero can bypass antivirus protection and still be opened on the target system. This is a remote-exploitation-style b...

7.5CVSS6.3AI score0.65764EPSS
CVE
CVE
added 2004/11/19 5:0 a.m.66 views

CVE-2004-0934

CVE-2004-0934 affects Kaspersky antivirus engines 3.x through 4.x. The connected material shows a ZIP archive header manipulation vulnerability where both the local and global headers can be set to zero, allowing the compressed file to be opened while bypassing protection. A PoC exists in ZIP han...

7.5CVSS6.4AI score0.14785EPSS
CVE
CVE
added 2004/12/01 5:0 a.m.64 views

CVE-2004-1096

Archive::Zip (Perl) before 1.14 is affected; antivirus tools like amavisd-new can bypass protection by processing a ZIP with both local and global headers zeroed. The description notes the issue but does not specify fixed versions or patches in the provided sources. No exploitation details are gi...

7.5CVSS6.3AI score0.17441EPSS
CVE
CVE
added 2005/05/24 4:0 a.m.63 views

CVE-2005-1693

CVE-2005-1693 involves an integer overflow in the Computer Associates Vet Antivirus library used by CA InoculateIT 6.0, eTrust Antivirus (r6.0–7.1), eTrust Antivirus for the Gateway (r7.0–r7.1), eTrust Secure Content Manager, eTrust Intrusion Detection, BrightStor ARCserve Backup r11.1, Vet Antiv...

10CVSS7.4AI score0.06886EPSS
CVE
CVE
added 2006/01/23 8:0 p.m.63 views

CVE-2005-3653

CVE-2005-3653 describes a heap-based buffer overflow in the CA iTechnology iGateway service, caused by insufficient boundary checks of the HTTP Content-Length header. An unauthenticated remote attacker can send a crafted HTTP request with a negative Content-Length to trigger a heap overflow, pote...

10CVSS8.1AI score0.18645EPSS
CVE
CVE
added 2007/06/21 10:0 p.m.63 views

CVE-2007-3334

CVE-2007-3334 affects Ingres Database (3.0.3) components used in CA products (eTrust Secure Content Manager on Windows). A remote, unauthenticated attacker can exploit heap-based buffer overflows in the Communications Server (iigcc.exe) and Data Access Server (iigcd.exe) by sending specially craf...

10CVSS7.5AI score0.10321EPSS
CVE
CVE
added 2008/06/04 8:0 p.m.56 views

CVE-2008-2541

CA eTrust Secure Content Manager (SCM) HTTP Gateway Service (icihttp.exe) contains multiple stack-based buffer overflow vulnerabilities when handling FTP responses (LIST and PASV). CVE-2008-2541 allows remote, unauthenticated attackers to execute arbitrary code or cause DoS with SYSTEM privileges...

10CVSS7.6AI score0.10072EPSS
CVE
CVE
added 2011/02/10 5:0 p.m.53 views

CVE-2011-0758

CA ETrust Secure Content Manager (eCS ECSQdmn.exe) vulnerable to remote code execution via port 1882 due to a heap overflow caused by an improper DWORD value in a memory copy. Affected products: CA ETrust Secure Content Manager 8.0 and CA Gateway Security 8.1. Exploitation is unauthenticated and ...

10CVSS7.9AI score0.08205EPSS