CVE-2009-3587

Severity

93%

Complexity

86%

Confidentiality

165%

Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) through Plus 2009; and other CA products allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted RAR archive file that triggers heap corruption, a different vulnerability than CVE-2009-3588.

Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) through Plus 2009; and other CA products allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted RAR archive file that triggers heap corruption, a different vulnerability than CVE-2009-3588.

CVSS 2.0 Base Score 9.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C).

Overview

Type

Computer Associates

First reported 15 years ago

2009-10-13 10:30:00

Last updated 6 years ago

2018-10-10 19:47:00

Affected Software

Computer Associates Anti-virus 2007 8

2007

Computer Associates Anti-virus 2008

2008

Computer Associates Anti-Virus for the Enterprise 7.1

7.1

Computer Associates Anti-Virus for the Enterprise r8

r8

Computer Associates Anti-virus SDK

Computer Associates common services r11

11

Computer Associates common services r11.1

11.1

Computer Associates eTrust Antivirus 7.1

7.1

Computer Associates etrust Antivirus 2007 v8

8

Computer Associates etrust Antivirus 2007

8.1

Computer Associates eTrust Integrated Threat Management 8.1

8.1

Computer Associates eTrust Intrusion Detection 3.0

3.0

Computer Associates eTrust Secure Content Manager 1.1

1.1

Computer Associates eTrust Secure Content Manager 8.0

8.0

Computer Associates Internet Security Suite

Computer Associates Internet Security Suite 2007

3.0

Computer Associates Network and Systems Management r3.0

r3.0

Computer Associates Network and Systems Management r3.1

r3.1

Computer Associates Network and Systems Management r11

r11

Computer Associates Network and Systems Management r11.1

r11.1

Computer Associates Secure Content Manager 1.1

1.1

Computer Associates Secure Content Manager 8.0

8.0

Computer Associates Unicenter Network and Systems Management 3.0

3.0

Computer Associates Unicenter Network and Systems Management 3.1

3.1

Computer Associates Unicenter Network and Systems Management 11

11

Computer Associates Unicenter Network and Systems Management 11.1

11.1

References

58691

36976

Vendor Advisory

http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=218878

Patch, Vendor Advisory

20091009 CA20091008-01: Security Notice for CA Anti-Virus Engine

36653

1022999

ADV-2009-2852

Vendor Advisory

ca-rar-code-execution(53697)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.