CVE-2007-2864

CA Products <30.6 - Buffer Overflow

Title source: llm

Description

Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a large invalid value of the coffFiles field in a .CAB file.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · rubylocalwindows
https://www.exploit-db.com/exploits/16677
metasploit WORKING POC GOOD
by MC · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/ca_cab.rb

References (11)

Scores

EPSS 0.8033
EPSS Percentile 99.1%

Details

Status published
Products (33)
broadcom/anti-virus_for_the_enterprise 8
broadcom/brightstor_arcserve_backup 9.01
broadcom/brightstor_arcserve_backup 10.5
broadcom/brightstor_arcserve_backup 11
broadcom/brightstor_arcserve_backup 11.1
broadcom/brightstor_arcserve_backup 11.5
broadcom/common_services 1.0
broadcom/common_services 1.1
broadcom/common_services 2.0
broadcom/common_services 2.1
... and 23 more
Published Jun 06, 2007
Tracked Since Feb 18, 2026