A vulnerability was identified in Sysinternals Process Explorer that could be exploited by local attackers to execute arbitrary commands. The flaw is a buffer overflow error that occurs when handling an overly long "CompanyName" value of a running process. A local attacker could use it to execute arbitrary commands with the privileges of another user by constructing and executing a specially crafted binary and convincing that user to explore the running malicious process.
Affected Products: Sysinternals Process Explorer version 9.23 and prior
Solution: Upgrade to Sysinternals Process Explorer version 9.24
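
A hunting check for the condition described above, as an added example that is not part of the original advisory: it lists running processes whose executable carries an unusually long "CompanyName" version string, so they can be reviewed before being opened in an unpatched Process Explorer. The function name `Find-LongCompanyName` and the 256-character threshold are assumptions; the advisory does not state the length at which the overflow occurs.

```powershell
# Added example, not from the advisory.
# Flags running processes whose image file has an abnormally long CompanyName
# version-resource string. The default threshold is an assumed value.
function Find-LongCompanyName {
    param(
        [int]$MaxLength = 256   # assumption: tune to what is normal in your environment
    )

    $cache = @{}   # image path -> CompanyName, so each file is read only once

    foreach ($proc in Get-Process) {
        $path = $null
        try { $path = $proc.Path } catch { }
        if (-not $path) { continue }   # protected or system processes expose no path

        if (-not $cache.ContainsKey($path)) {
            try {
                $info = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($path)
                $cache[$path] = $info.CompanyName
            } catch {
                $cache[$path] = $null   # file vanished or is unreadable
            }
        }

        $company = $cache[$path]
        if ($company -and $company.Length -gt $MaxLength) {
            [pscustomobject]@{
                ProcessId         = $proc.Id
                Name              = $proc.ProcessName
                Path              = $path
                CompanyNameLength = $company.Length
            }
        }
    }
}

# Report the longest values first.
Find-LongCompanyName |
    Sort-Object CompanyNameLength -Descending |
    Format-Table -AutoSize
```

Run it from an elevated prompt to cover processes owned by other users; processes whose image path cannot be read are skipped rather than reported.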
CA Message Queuing Security Notice
Patches Are Now Available To Address CA Message Queuing Vulnerabilities
The CA Customer Support team has recently become aware of several vulnerability issues in the CA Message Queuing (CAM / CAFT) software:
- The CAM TCP port is potentially vulnerable to a Denial of Service (DoS) attack.
- Buffer overflow conditions can potentially allow arbitrary code to be executed remotely with elevated privileges.
- A spoofed CAFT can potentially be launched, allowing arbitrary commands to be executed with elevated privileges.
CA has made patches available for all affected users.
This affects all versions of the CA Message Queuing software prior to v1.07 Build 220_13 and v1.11 Build 29_13 on the specified platforms.
Unicenter Performance Management for OpenVMS r2.4 SP3
Advantage™ Data Transport 3.0