Internet Security Suite

DATE	CVE	VULNERABILITY TITLE	RISK
2008-08-12	CVE-2008-2926	Improper Input Validation vulnerability in multiple products The kmxfw.sys driver in CA Host-Based Intrusion Prevention System (HIPS) r8, as used in CA Internet Security Suite and Personal Firewall, does not properly verify IOCTL requests, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted request. local low complexity broadcom ca CWE-20	7.2
2007-07-26	CVE-2007-3875	arclib.dll before 7.3.0.9 in CA Anti-Virus (formerly eTrust Antivirus) 8 and certain other CA products allows remote attackers to cause a denial of service (infinite loop and loss of antivirus functionality) via an invalid "previous listing chunk number" field in a CHM file. network broadcom ca	4.3
2007-06-06	CVE-2007-2864	Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a large invalid value of the coffFiles field in a .CAB file. network broadcom ca critical	9.3
2006-12-13	CVE-2006-6496	Unspecified vulnerability in Broadcom Etrust Antivirus and Internet Security Suite The (1) VetMONNT.sys and (2) VetFDDNT.sys drivers in CA Anti-Virus 2007 8.1, Anti-Virus for Vista Beta 8.2, and CA Internet Security Suite 2007 v3.0 do not properly handle NULL buffers, which allows local users with administrative access to cause a denial of service (system crash) via certain IOCTLs. local broadcom	6.6