CVE-2007-2523

Broadcom Integrated Threat Management - Buffer Overflow

Title source: rule

Description

CA Anti-Virus for the Enterprise r8 and Threat Manager r8 before 20070510 use weak permissions (NULL security descriptor) for the Task Service shared file mapping, which allows local users to modify this mapping and gain privileges by triggering a stack-based buffer overflow in InoCore.dll before 8.0.448.0.

Exploits (1)

exploitdb WORKING POC VERIFIED

by binagres · cremotewindows

https://www.exploit-db.com/exploits/30019

View Code ZIP pw:eip

References (11)

[Various Sources] http://blog.48bits.com/?p=103

[Vendor Advisory] http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=530

[Mailing List] http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/063275.html

[Patch] http://supportconnectw.ca.com/public/antivirus/infodocs/caav-secnotice050807.asp

[US Government Resource] http://www.kb.cert.org/vuls/id/788416

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/468306/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/23906

[Third Party Advisory, VDB Entry] http://www.osvdb.org/34586

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1018043

[Third Party Advisory] http://secunia.com/advisories/25202

[Third Party Advisory] http://www.vupen.com/english/advisories/2007/1750

Scores

EPSS 0.0060

EPSS Percentile 69.6%

Details

Status published

Products (2)

broadcom/integrated_threat_management 8.0

ca/anti-virus_for_the_enterprise 8

Published May 11, 2007

Tracked Since Feb 18, 2026