CVE-2010-3984

Published: Jan 7, 2011Modified: Apr 29, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Buffer overflow in mng_core_com.dll in CA XOsoft Replication r12.0 SP1 and r12.5 SP2 rollup, CA XOsoft High Availability r12.0 SP1 and r12.5 SP2 rollup, CA XOsoft Content Distribution r12.0 SP1 and r12.5 SP2 rollup, and CA ARCserve Replication and High Availability (RHA) r15.0 SP1 allows remote attackers to execute arbitrary code via a crafted create_session_bab operation in a SOAP request to xosoapapi.asmx.

Affected (7)

Products: Ca: Arcserve Replication And High Availability, Xosoft Content Distribution, Xosoft High Availability, Xosoft Replication

4 products

Arcserve Replication And High Availability

Xosoft Content Distribution

Xosoft High Availability

Xosoft Replication

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Ca Arcserve Replication And High Availability	Version r15.0 sp1
Ca Xosoft Content Distribution	Version r12.0 sp1
Ca Xosoft Content Distribution	Version r12.5 sp2
Ca Xosoft High Availability	Version r12.0 sp1
Ca Xosoft High Availability	Version r12.5 sp2
Ca Xosoft Replication	Version r12.0 sp1
Ca Xosoft Replication	Version r12.5 sp2

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (12)

http://secunia.com/advisories/42561

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/archive/1/515115/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/45317

Source: cve@mitre.org

http://www.securitytracker.com/id?1024852

Source: cve@mitre.org

http://www.zerodayinitiative.com/advisories/ZDI-10-263/

Source: cve@mitre.org

https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7bFEB41CE8-5023-46DF-B257-5299F492BF23%7d

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/42561

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/archive/1/515115/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/45317

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id?1024852

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.zerodayinitiative.com/advisories/ZDI-10-263/

Source: af854a3a-2127-422b-91ae-364da2661108

https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7bFEB41CE8-5023-46DF-B257-5299F492BF23%7d

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.