CVE-2007-2523

CA Anti-Virus for the Enterprise r8 and Threat Manager r8 - Privilege Escalation via Task Service File Mapping

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-2523. PoCs published by binagres.

AI-analyzed exploit summary This exploit targets a stack-based buffer overflow in Computer Associates eTrust Antivirus Agent r8 via the 'INOQSIQSYSINFO' file mapping. It leverages a long file path to trigger the overflow in the QSIGetQueuePath function, bypassing stack protection mechanisms.

Description

CA Anti-Virus for the Enterprise r8 and Threat Manager r8 before 20070510 use weak permissions (NULL security descriptor) for the Task Service shared file mapping, which allows local users to modify this mapping and gain privileges by triggering a stack-based buffer overflow in InoCore.dll before 8.0.448.0.

Exploits (1)

exploitdb WORKING POC VERIFIED

by binagres · cremotewindows

https://www.exploit-db.com/exploits/30019

View Code ZIP pw:eip

This exploit targets a stack-based buffer overflow in Computer Associates eTrust Antivirus Agent r8 via the 'INOQSIQSYSINFO' file mapping. It leverages a long file path to trigger the overflow in the QSIGetQueuePath function, bypassing stack protection mechanisms.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Computer Associates eTrust Antivirus Agent r8 (with INOCORE.DLL 8.0.403.0)

No auth needed

Prerequisites: Access to the target system's file mapping 'Global\INOQSIQSYSINFO' · Target system running eTrust Antivirus Agent r8

MITRE ATT&CK