CVE-2007-3875

Description

arclib.dll before 7.3.0.9 in CA Anti-Virus (formerly eTrust Antivirus) 8 and certain other CA products allows remote attackers to cause a denial of service (infinite loop and loss of antivirus functionality) via an invalid "previous listing chunk number" field in a CHM file.

Related CPE's

acaprotection_suitesr3*******

acaetrust_intrusion_detection3.0sp1******

acabrightstor_arcserve_backup11*windows*****

acaprotection_suitesr2*******

abroadcomanti-spyware2007*******

abroadcomanti-virus_for_the_enterprise********

abroadcomantivirus_sdk********

abroadcomanti_virus_sdk********

abroadcomanti-virus_for_the_enterprise7.0*******

abroadcomanti-virus_for_the_enterprise7.1*******

References

20070724 Computer Associates AntiVirus CHM File Handling DoS Vulnerability

Patch

http://supportconnectw.ca.com/public/antivirus/infodocs/caprodarclib-secnot.asp

Patch

25049

Patch

26155

PatchVendor Advisory

http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=149847

1018450

ADV-2007-2639

ca-arclib-chm-dos(35573)

20070726 RE: [CAID 35525, 35526]: CA Products Arclib Library Denial of Service Vulnerabilities

20070725 n.runs-SA-2007.024 - CA eTrust Antivirus Infinite Loop DoS (remote) Advisory

20070725 [CAID 35525, 35526]: CA Products Arclib Library Denial of Service Vulnerabilities

CvssV3 impact

Could not find any metrics

CvssV2 impact

Version

2.0

VectorString

AV:N/AC:M/Au:N/C:N/I:N/A:P

AccessVector

NETWORK

AccessComplexity

MEDIUM

Authentication

NONE

ConfidentialityImpact

NONE

IntegrityImpact

NONE

AvailabilityImpact

PARTIAL

BaseScore

4.300000190734863

Created by Yello
About Severity.io