Added: 04/25/2008
CVE: CVE-2007-4620
BID: 28605
OSVDB: 44040
The Alert Notification Server is included with multiple Computer Associates products to provide notifications to console users.
The Alert Notification Server is affected by buffer overflow vulnerabilities in multiple RPC operations allowing remote attackers to execute arbitrary commands.
Apply one of the updates referenced in the Security Notice.
<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=679>
Exploit works on CA eTrust Antivirus r8 with patch QO89817. Valid Windows credentials are required in order for this exploit to succeed.
Windows 2000
Windows Server 2003