CVE-2007-4620

Published: Apr 7, 2008Modified: Apr 23, 2026

9.0

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Exploitability: 8.0 / Impact: 10.0

Source: NVD

Description

Multiple stack-based buffer overflows in Computer Associates (CA) Alert Notification Service (Alert.exe) 8.1.586.0, 8.0.450.0, and 7.1.758.0, as used in multiple CA products including Anti-Virus for the Enterprise 7.1 through r11.1 and Threat Manager for the Enterprise 8.1 and r8, allow remote authenticated users to execute arbitrary code via crafted RPC requests.

Affected (8)

Products: Broadcom: Anti Virus For The Enterprise, Brightstor Arcserve Backup · Ca: Brightstor Arcserve Backup, Threat Manager For The Enterprise

2 products

Anti Virus For The Enterprise

Brightstor Arcserve Backup

2 products

Brightstor Arcserve Backup

Threat Manager For The Enterprise

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Broadcom Anti Virus For The Enterprise	Version 7.1
Broadcom Anti Virus For The Enterprise	Version 8.1
Broadcom Anti Virus For The Enterprise	Version 8
Broadcom Brightstor Arcserve Backup	Version 11.1
Broadcom Brightstor Arcserve Backup	Version 11.5
Ca Brightstor Arcserve Backup	Version 11
Ca Threat Manager For The Enterprise	Version r8.1
Ca Threat Manager For The Enterprise	Version r8

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (22)

http://community.ca.com/blogs/casecurityresponseblog/archive/2008/04/04/ca-alert-notification-server-multiple-vulnerabilities.aspx

Source: cve@mitre.org

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=679

Source: cve@mitre.org

http://secunia.com/advisories/29665

Source: cve@mitre.org

http://securityreason.com/securityalert/3799

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/490466/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/28605

Source: cve@mitre.org

http://www.securitytracker.com/id?1019789

Source: cve@mitre.org

http://www.securitytracker.com/id?1019790

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2008/1103/references

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/41639

Source: cve@mitre.org

https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=173103

Source: cve@mitre.org

http://community.ca.com/blogs/casecurityresponseblog/archive/2008/04/04/ca-alert-notification-server-multiple-vulnerabilities.aspx

Source: af854a3a-2127-422b-91ae-364da2661108

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=679

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/29665

Source: af854a3a-2127-422b-91ae-364da2661108

http://securityreason.com/securityalert/3799

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/490466/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/28605

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id?1019789

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id?1019790

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2008/1103/references

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/41639

Source: af854a3a-2127-422b-91ae-364da2661108

https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=173103

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.