Vulnerability Details : CVE-2009-2026
Stack-based buffer overflow in a token searching function in the dtscore library in Data Transport Services in CA Software Delivery r11.2 C1, C2, C3, and SP4; Unicenter Software Delivery 4.0 C3; CA Advantage Data Transport 3.0 C1; and CA IT Client Manager r12 allows remote attackers to execute arbitrary code via crafted data.
Vulnerability category: Overflow, Execute code
Exploit prediction scoring system (EPSS) score for CVE-2009-2026
Probability of exploitation activity in the next 30 days: 36.13%
Percentile, the proportion of vulnerabilities that are scored at or less: ~97%
CVSS scores for CVE-2009-2026
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST |
CWE ids for CVE-2009-2026
- The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. Assigned by: nvd@nist.gov (Primary)
References for CVE-2009-2026
- http://www.zerodayinitiative.com/advisories/ZDI-09-052/
- http://www.securityfocus.com/archive/1/505557/100/0/threaded
- https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=214090 (Vendor Advisory)
- http://www.vupen.com/english/advisories/2009/2195 (Patch; Vendor Advisory)
- http://www.securityfocus.com/bid/35984
- https://exchange.xforce.ibmcloud.com/vulnerabilities/52322
- http://securitytracker.com/id?1022688
Products affected by CVE-2009-2026
- cpe:2.3:a:ca:advantage_data_transport:3.0:c1:*:*:*:*:*:*
- cpe:2.3:a:ca:unicenter_software_delivery:4.0:c3:*:*:*:*:*:*
- cpe:2.3:a:ca:software_delivery:r11:c1:*:*:*:*:*:*
- cpe:2.3:a:ca:software_delivery:r11:c2:*:*:*:*:*:*
- cpe:2.3:a:ca:software_delivery:r11:c3:*:*:*:*:*:*
- cpe:2.3:a:ca:software_delivery:r11:sp4:*:*:*:*:*:*
- cpe:2.3:a:ca:it_client_manager:r12:*:*:*:*:*:*:*