CVE-2007-3875 - arclib.dll before 7.3.0.9 in CA Anti-Virus (formerly eTrust Antivirus) 8 and certain other CA produc

CVE-2007-3875

Summary

arclib.dll before 7.3.0.9 in CA Anti-Virus (formerly eTrust Antivirus) 8 and certain other CA products allows remote attackers to cause a denial of service (infinite loop and loss of antivirus functionality) via an invalid "previous listing chunk number" field in a CHM file.

References

Vulnerable Configurations

cpe:2.3:a:broadcom:anti-virus_for_the_enterprise:8:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:anti-virus_for_the_enterprise:8:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:anti-virus_for_the_enterprise:8.1:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:anti-virus_for_the_enterprise:8.1:*:*:*:*:*:*:*
cpe:2.3:a:ca:brightstor_arcserve_backup:11:*:windows:*:*:*:*:*
cpe:2.3:a:ca:brightstor_arcserve_backup:11:*:windows:*:*:*:*:*
cpe:2.3:a:broadcom:brightstor_arcserve_backup:9.01:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:brightstor_arcserve_backup:9.01:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:etrust_ez_antivirus:6.1:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:etrust_ez_antivirus:6.1:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:etrust_ez_antivirus:7:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:etrust_ez_antivirus:7:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:etrust_intrusion_detection:3.0:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:etrust_intrusion_detection:3.0:*:*:*:*:*:*:*
cpe:2.3:a:ca:etrust_intrusion_detection:3.0:sp1:*:*:*:*:*:*
cpe:2.3:a:ca:etrust_intrusion_detection:3.0:sp1:*:*:*:*:*:*
cpe:2.3:a:broadcom:unicenter_network_and_systems_management:11:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:unicenter_network_and_systems_management:11:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:unicenter_network_and_systems_management:11.1:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:unicenter_network_and_systems_management:11.1:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:anti-virus_for_the_enterprise:7.0:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:anti-virus_for_the_enterprise:7.0:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:anti-virus_for_the_enterprise:7.1:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:anti-virus_for_the_enterprise:7.1:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.1:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.1:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.5:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.5:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:common_services:11.1:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:common_services:11.1:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:etrust_antivirus:8:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:etrust_antivirus:8:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:etrust_antivirus_gateway:7.1:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:etrust_antivirus_gateway:7.1:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:etrust_internet_security_suite:2:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:etrust_internet_security_suite:2:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:etrust_intrusion_detection:2.0:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:etrust_intrusion_detection:2.0:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:secure_content_manager:8.0:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:secure_content_manager:8.0:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:threat_manager:8:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:threat_manager:8:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:anti_virus_sdk:*:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:anti_virus_sdk:*:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:antispyware_for_the_enterprise:8:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:antispyware_for_the_enterprise:8:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:brightstor_arcserve_client:*:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:brightstor_arcserve_client:*:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:brightstor_enterprise_backup:10.5:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:brightstor_enterprise_backup:10.5:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:etrust_ez_armor:1:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:etrust_ez_armor:1:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:etrust_ez_armor:2:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:etrust_ez_armor:2:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:internet_security_suite:3.0:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:internet_security_suite:3.0:*:*:*:*:*:*:*
cpe:2.3:a:ca:protection_suites:r2:*:*:*:*:*:*:*
cpe:2.3:a:ca:protection_suites:r2:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:unicenter_network_and_systems_management:3.0:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:unicenter_network_and_systems_management:3.0:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:unicenter_network_and_systems_management:3.1:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:unicenter_network_and_systems_management:3.1:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:anti-spyware:2007:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:anti-spyware:2007:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:antispyware_for_the_enterprise:8.1:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:antispyware_for_the_enterprise:8.1:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:antivirus_sdk:*:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:antivirus_sdk:*:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:brigthstor_arcserve_client_for_windows:*:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:brigthstor_arcserve_client_for_windows:*:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:common_services:11:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:common_services:11:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:etrust_ez_armor:3:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:etrust_ez_armor:3:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:etrust_internet_security_suite:1:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:etrust_internet_security_suite:1:*:*:*:*:*:*:*
cpe:2.3:a:ca:protection_suites:r3:*:*:*:*:*:*:*
cpe:2.3:a:ca:protection_suites:r3:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:secure_content_manager:1.1:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:secure_content_manager:1.1:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:anti-virus_for_the_enterprise:-:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:anti-virus_for_the_enterprise:-:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 14-04-2021 - 15:34)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:N/A:P

refmap via4

bid	25049
bugtraq	20070725 [CAID 35525, 35526]: CA Products Arclib Library Denial of Service Vulnerabilities 20070725 n.runs-SA-2007.024 - CA eTrust Antivirus Infinite Loop DoS (remote) Advisory 20070726 RE: [CAID 35525, 35526]: CA Products Arclib Library Denial of Service Vulnerabilities
confirm	http://supportconnectw.ca.com/public/antivirus/infodocs/caprodarclib-secnot.asp http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=149847
idefense	20070724 Computer Associates AntiVirus CHM File Handling DoS Vulnerability
sectrack	1018450
secunia	26155
vupen	ADV-2007-2639
xf	ca-arclib-chm-dos(35573)

Last major update

14-04-2021 - 15:34

Published

26-07-2007 - 00:30

Last modified

14-04-2021 - 15:34