Computer Associates Alert Notification Server opcode 23 buffer overflow
Added: 04/25/2008CVE: CVE-2007-4620
BID: 28605
OSVDB: 44040
Background
The Alert Notification Server is included with multiple Computer Associates products to provide notifications to console users.Problem
The Alert Notification Server is affected by buffer overflow vulnerabilities in multiple RPC operations allowing remote attackers to execute arbitrary commands.Resolution
Apply one of the updates referenced in the Security Notice.References
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=679Limitations
Exploit works on CA eTrust Antivirus r8 with patch QO89817. Valid Windows credentials are required in order for this exploit to succeed.Platforms
Windows 2000Windows Server 2003
Back to exploit index