Unrated severityNVD Advisory· Published May 11, 2007· Updated Apr 23, 2026

CVE-2007-2523

Description

CA Anti-Virus for the Enterprise r8 and Threat Manager r8 before 20070510 use weak permissions (NULL security descriptor) for the Task Service shared file mapping, which allows local users to modify this mapping and gain privileges by triggering a stack-based buffer overflow in InoCore.dll before 8.0.448.0.

Affected products

Broadcom Corporation/Integrated Threat Management
cpe:2.3:a:broadcom:integrated_threat_management:8.0:*:*:*:*:*:*:*
Ca/Anti Virus For The Enterprise
cpe:2.3:a:ca:anti-virus_for_the_enterprise:8:*:enterprise:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

supportconnectw.ca.com/public/antivirus/infodocs/caav-secnotice050807.aspnvdPatch
labs.idefense.com/intelligence/vulnerabilities/display.phpnvdVendor Advisory
www.kb.cert.org/vuls/id/788416nvdUS Government Resource
blog.48bits.comnvd
lists.grok.org.uk/pipermail/full-disclosure/2007-May/063275.htmlnvd
secunia.com/advisories/25202nvd
www.osvdb.org/34586nvd
www.securityfocus.com/archive/1/468306/100/0/threadednvd
www.securityfocus.com/bid/23906nvd
www.securitytracker.com/idnvd
www.vupen.com/english/advisories/2007/1750nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000