CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
EPSS
Percentile
96.5%
Added: 04/25/2008
CVE: CVE-2007-4620
BID: 28605
OSVDB: 44040
The Alert Notification Server is included with multiple Computer Associates products to provide notifications to console users.
The Alert Notification Server is affected by buffer overflow vulnerabilities in multiple RPC operations allowing remote attackers to execute arbitrary commands.
Apply one of the updates referenced in the Security Notice.
<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=679>
Exploit works on CA eTrust Antivirus r8 with patch QO89817. Valid Windows credentials are required in order for this exploit to succeed.
Windows 2000
Windows Server 2003