7.2

CVE-2007-2523

EPSS 0.52%
Published 11.05.2007 04:20:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

CA Anti-Virus for the Enterprise r8 and Threat Manager r8 before 20070510 use weak permissions (NULL security descriptor) for the Task Service shared file mapping, which allows local users to modify this mapping and gain privileges by triggering a stack-based buffer overflow in InoCore.dll before 8.0.448.0.

Affected products Warnungen 0 Metrics 2 CWE 0 References 14

Data is provided by the National Vulnerability Database (NVD)

Broadcom ≫ Integrated Threat Management Version8.0

Ca ≫ Anti-virus For The Enterprise Version8 Editionenterprise

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.52%	0.638

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/063275.html

http://secunia.com/advisories/25202

http://supportconnectw.ca.com/public/antivirus/infodocs/caav-secnotice050807.asp

Patch

http://www.securityfocus.com/bid/23906

http://www.securitytracker.com/id?1018043

http://www.vupen.com/english/advisories/2007/1750

http://blog.48bits.com/?p=103

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=530

Vendor Advisory

http://www.kb.cert.org/vuls/id/788416

US Government Resource

http://www.osvdb.org/34586

http://www.securityfocus.com/archive/1/468306/100/0/threaded

https://nvd.nist.gov/vuln/detail/CVE-2007-2523

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-2523

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-2523

EUVD