CVE-2007-4620

CA Alert Notification Service <8.1.586.0 - Remote Code Execution

Title source: manual

Exploitation Summary

EIP tracks 2 public exploits for CVE-2007-4620. PoCs published by Metasploit, MC, including Metasploit module exploits/windows/brightstor/etrust_itm_alert.

AI-analyzed exploit summary: This Metasploit module exploits a buffer overflow in Computer Associates Threat Manager for the Enterprise r8.1 via a crafted RPC request to the 'alert' pipe, allowing arbitrary code execution. It requires valid SMB credentials and targets specific Windows versions with predefined return addresses.

Description

Multiple stack-based buffer overflows in Computer Associates (CA) Alert Notification Service (Alert.exe) 8.1.586.0, 8.0.450.0, and 7.1.758.0, as used in multiple CA products including Anti-Virus for the Enterprise 7.1 through r11.1 and Threat Manager for the Enterprise 8.1 and r8, allow remote authenticated users to execute arbitrary code via crafted RPC requests.

Exploits (2)

exploitdb · WORKING POC · VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/16410

This Metasploit module exploits a buffer overflow in Computer Associates Threat Manager for the Enterprise r8.1 via a crafted RPC request to the 'alert' pipe, allowing arbitrary code execution. It requires valid SMB credentials and targets specific Windows versions with predefined return addresses.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Computer Associates Threat Manager for the Enterprise r8.1
Auth required
Prerequisites: Valid SMB credentials · Access to the target's SMB service
devstral-2 · analyzed Feb 16, 2026

metasploit · WORKING POC · NORMAL
by MC · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/brightstor/etrust_itm_alert.rb

This Metasploit module exploits a buffer overflow in Computer Associates Threat Manager for the Enterprise r8.1 via a crafted RPC request to the 'alert' SMB pipe. It leverages a stack-based overflow to achieve remote code execution with valid credentials.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Computer Associates Threat Manager for the Enterprise r8.1
Auth required
Prerequisites: Valid SMB credentials · Access to TCP port 445 (SMB)
devstral-2 · analyzed Feb 16, 2026

References (11)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1019790
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/3799
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1019789
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/41639
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/1103/references
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/490466/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/28605
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/29665
Third Party Advisory third-party-advisory x_refsource_idefense
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=679

Scores

EPSS 0.5227
EPSS Percentile 98.8%

Details

CWE: CWE-119
Status: published
Products (8)
broadcom/anti-virus_for_the_enterprise 7.1
broadcom/anti-virus_for_the_enterprise 8
broadcom/anti-virus_for_the_enterprise 8.1
broadcom/brightstor_arcserve_backup 11.1
broadcom/brightstor_arcserve_backup 11.5
ca/brightstor_arcserve_backup 11
ca/threat_manager_for_the_enterprise r8
ca/threat_manager_for_the_enterprise r8.1
Published Apr 07, 2008
Tracked Since Feb 18, 2026