7.2

CVE-2007-2523

EPSS 0.6%
Veröffentlicht 11.05.2007 04:20:00
Zuletzt bearbeitet 23.04.2026 00:35:47
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

CA Anti-Virus for the Enterprise r8 and Threat Manager r8 before 20070510 use weak permissions (NULL security descriptor) for the Task Service shared file mapping, which allows local users to modify this mapping and gain privileges by triggering a stack-based buffer overflow in InoCore.dll before 8.0.448.0.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 14

NVD 2 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Broadcom ≫ Integrated Threat Management Version8.0

Ca ≫ Anti-virus For The Enterprise Version8 Editionenterprise

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.6%	0.696

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

Es wurden noch keine Informationen zu CWE veröffentlicht.

http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/063275.html

http://secunia.com/advisories/25202

http://supportconnectw.ca.com/public/antivirus/infodocs/caav-secnotice050807.asp

Patch

http://www.securityfocus.com/bid/23906

http://www.securitytracker.com/id?1018043

http://www.vupen.com/english/advisories/2007/1750

http://blog.48bits.com/?p=103

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=530

Vendor Advisory

http://www.kb.cert.org/vuls/id/788416

US Government Resource

http://www.osvdb.org/34586

http://www.securityfocus.com/archive/1/468306/100/0/threaded

https://nvd.nist.gov/vuln/detail/CVE-2007-2523

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-2523

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-2523

EUVD