CVE-2007-3875

Severity

43%

Complexity

86%

Confidentiality

48%

arclib.dll before 7.3.0.9 in CA Anti-Virus (formerly eTrust Antivirus) 8 and certain other CA products allows remote attackers to cause a denial of service (infinite loop and loss of antivirus functionality) via an invalid "previous listing chunk number" field in a CHM file.

arclib.dll before 7.3.0.9 in CA Anti-Virus (formerly eTrust Antivirus) 8 and certain other CA products allows remote attackers to cause a denial of service (infinite loop and loss of antivirus functionality) via an invalid "previous listing chunk number" field in a CHM file.

CVSS 2.0 Base Score 4.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P).

Overview

Type

Computer Associates

First reported 17 years ago

2007-07-26 00:30:00

Last updated 6 years ago

2018-10-15 21:31:00

Affected Software

Computer Associates Anti-spyware 2007

2007

Computer Associates Anti-Virus for the Enterprise 7.0

7.0

Computer Associates Anti-Virus for the Enterprise 7.1

7.1

Computer Associates Anti-Virus for the Enterprise r8

8

Computer Associates Anti-Virus for the Enterprise r8.1

8.1

Computer Associates Anti Virus SDK

Computer Associates AntiSpyware for the Enterprise r8

8

Computer Associates AntiSpyware for the Enterprise 8.1

8.1

Computer Associates Antivirus SDK

Computer Associates BrightStor ARCserve Backup 9.01

9.01

Computer Associates BrightStor ARCserve Backup 11.1

11.1

Computer Associates BrightStor ARCserve Backup 11.5

11.5

Computer Associates BrightStor ARCserve Client

Computer Associates BrightStor Enterprise Backup 10.5

10.5

Computer Associates BrigthStor ARCserve Client for Windows

Computer Associates common services r11

11

Computer Associates common services r11.1

11.1

Computer Associates etrust Antivirus 2007 v8

8

Computer Associates etrust Antivirus Gateway 7.1

7.1

Computer Associates eTrust EZ Antivirus 6.1

6.1

Computer Associates etrust EZ Antivirus r7

7

Computer Associates etrust ez armor r1

1

Computer Associates etrust ez armor r2

2

Computer Associates etrust ez armor r3

3

Computer Associates etrust Internet Security Suite r1

1

Computer Associates etrust Internet Security Suite r2

2

Computer Associates eTrust Intrusion Detection 2.0

2.0

Computer Associates eTrust Intrusion Detection 3.0

3.0

Computer Associates Internet Security Suite 2007

3.0

Computer Associates Secure Content Manager 1.1

1.1

Computer Associates Secure Content Manager 8.0

8.0

Computer Associates Threat Manager r8

8

Computer Associates Unicenter Network and Systems Management 3.0

3.0

Computer Associates Unicenter Network and Systems Management 3.1

3.1

Computer Associates Unicenter Network and Systems Management 11

11

Computer Associates Unicenter Network and Systems Management 11.1

11.1

References

20070724 Computer Associates AntiVirus CHM File Handling DoS Vulnerability

Patch

26155

Patch, Vendor Advisory

http://supportconnectw.ca.com/public/antivirus/infodocs/caprodarclib-secnot.asp

Patch

http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=149847

20070725 [CAID 35525, 35526]: CA Products Arclib Library Denial of Service Vulnerabilities

20070725 n.runs-SA-2007.024 - CA eTrust Antivirus Infinite Loop DoS (remote) Advisory

20070726 RE: [CAID 35525, 35526]: CA Products Arclib Library Denial of Service Vulnerabilities

25049

Patch

1018450

ADV-2007-2639

ca-arclib-chm-dos(35573)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.