Computer Associates Anti-Virus Engine Malformed CAB Filename Buffer Overflow Vulnerability

Computer Associates Anti-Virus Engine Malformed CAB Filename Buffer Overflow Vulnerability

Multiple Computer Associates products that implement the antivirus engine are prone to a stack-based buffer-overflow vulnerability. This issue occurs because the software fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.