The Computer Associates Anti-Virus engine contains a stack-based buffer overflow that may allow a remote, unauthenticated attacker to execute arbitrary code.
The Computer Associates Anti-Virus engine contains a stack-based buffer overflow in the code responsible for processing CAB archives. Specifically, the Computer Associates Anti-Virus engine fails to properly validate the size of the coffFiles field in CAB archives before it is copied to a stack buffer. This may allow a stack-based buffer overflow to occur.
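The missing validation described above, shown as the check a CAB parser can run before any header field is used as an offset or copy length. This is an added example, not Computer Associates' code, whose internals the advisory does not show. The field offsets follow the public Microsoft Cabinet CFHEADER layout; the function names, status codes and the 53-byte sample cabinet are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define CFHEADER_MIN 36u  /* fixed part of CFHEADER in the public CAB format */
#define CFFILE_MIN   17u  /* 16 fixed bytes of CFFILE + at least a NUL name */

enum cab_status { CAB_OK, CAB_TRUNCATED, CAB_BAD_SIG, CAB_BAD_SIZE, CAB_BAD_COFFFILES };

/* Little-endian reads that do not depend on host alignment or byte order. */
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }

/* Check attacker-controlled header fields against the bytes actually
 * present (len) before later code trusts them. */
enum cab_status cab_check_header(const uint8_t *buf, size_t len, uint32_t *coff_out) {
    if (buf == NULL || len < CFHEADER_MIN) return CAB_TRUNCATED;
    if (memcmp(buf, "MSCF", 4) != 0) return CAB_BAD_SIG;

    uint32_t cbCabinet = rd32(buf + 8);   /* declared total cabinet size */
    uint32_t coffFiles = rd32(buf + 16);  /* offset of the first CFFILE entry */
    uint16_t cFiles    = rd16(buf + 28);  /* number of CFFILE entries */

    if (cbCabinet < CFHEADER_MIN || cbCabinet > len) return CAB_BAD_SIZE;
    /* The offset must land after the header and inside the cabinet. */
    if (coffFiles < CFHEADER_MIN || coffFiles >= cbCabinet) return CAB_BAD_COFFFILES;
    /* The file table must fit in what remains; 64-bit math avoids wraparound. */
    if ((uint64_t)cFiles * CFFILE_MIN > (uint64_t)cbCabinet - coffFiles)
        return CAB_BAD_COFFFILES;

    if (coff_out) *coff_out = coffFiles;
    return CAB_OK;
}

/* Constructed sample: a 36-byte header plus room for one minimal CFFILE. */
size_t cab_make_sample(uint8_t out[53], uint32_t coffFiles) {
    memset(out, 0, 53);
    memcpy(out, "MSCF", 4);
    out[8] = 53;                               /* cbCabinet = 53 */
    for (int i = 0; i < 4; i++) out[16 + i] = (uint8_t)(coffFiles >> (8 * i));
    out[24] = 3; out[25] = 1;                  /* format version 1.3 */
    out[28] = 1;                               /* cFiles = 1 */
    return 53;
}

int main(void) {
    uint8_t b[53];
    return cab_check_header(b, cab_make_sample(b, 36), NULL) == CAB_OK ? 0 : 1;
}
```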
This vulnerability affects numerous Computer Associates products, including:
A remote, unauthenticated attacker may be able to execute arbitrary code or cause a denial-of-service condition.
Apply an Update
According to the Computer Associates Security Notice issued June 5th, 2007:
This vulnerability was reported in Tipping Point advisory ZDI-07-035.
This document was written by Jeff Gennari.
Date First Published: 2007-06-06
Date Last Updated: 2007-06-06 19:57 UTC