CVE-2009-3587

Description

Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) through Plus 2009; and other CA products allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted RAR archive file that triggers heap corruption, a different vulnerability than CVE-2009-3588.

Related CPE's

acainternet_security_suite_plus_2009********

acagateway_securityr8.1*******

acacommon_services3.1*******

acaetrust_secure_content_manager8.0*******

acaetrust_anti-virus_sdk********

acaanti-virus_for_the_enterpriser8.1*******

acaarcserve_for_windows_server_component********

acaetrust_intrusion_detection2.0sp1******

acathreat_manager8.1*enterprise*****

acaprotection_suitesr3*******

References

1022999

Third Party AdvisoryVDB Entry

ADV-2009-2852

Vendor Advisory

36976

Third Party Advisory

36653

Third Party AdvisoryVDB Entry

58691

Broken Link

http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=218878

Broken LinkPatchVendor Advisory

ca-rar-code-execution(53697)

Third Party AdvisoryVDB Entry

20091009 CA20091008-01: Security Notice for CA Anti-Virus Engine

Third Party AdvisoryVDB Entry

CvssV3 impact

Could not find any metrics

CvssV2 impact

Version

2.0

VectorString

AV:N/AC:M/Au:N/C:C/I:C/A:C

AccessVector

NETWORK

AccessComplexity

MEDIUM

Authentication

NONE

ConfidentialityImpact

COMPLETE

IntegrityImpact

COMPLETE

AvailabilityImpact

COMPLETE

BaseScore

9.300000190734863

Created by Yello
About Severity.io