CVE-2007-3875

arclib.dll before 7.3.0.9 in CA Anti-Virus (formerly eTrust Antivirus) 8 and certain other CA products allows remote attackers to cause a denial of service (infinite loop and loss of antivirus functionality) via an invalid "previous listing chunk number" field in a CHM file.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=567	Patch
http://supportconnectw.ca.com/public/antivirus/infodocs/caprodarclib-secnot.asp	Patch
http://www.securityfocus.com/bid/25049	Patch
http://secunia.com/advisories/26155	Patch Vendor Advisory
http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=149847
http://www.securitytracker.com/id?1018450
http://www.vupen.com/english/advisories/2007/2639
https://exchange.xforce.ibmcloud.com/vulnerabilities/35573
http://www.securityfocus.com/archive/1/474683/100/0/threaded
http://www.securityfocus.com/archive/1/474605/100/100/threaded
http://www.securityfocus.com/archive/1/474601/100/0/threaded

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:broadcom:anti-virus_for_the_enterprise:8:::::::*
	cpe:2.3:a:broadcom:anti-virus_for_the_enterprise:8.1:::::::*
	cpe:2.3:a:ca:brightstor_arcserve_backup:11::windows:::::
	cpe:2.3:a:broadcom:brightstor_arcserve_backup:9.01:::::::*
	cpe:2.3:a:broadcom:etrust_ez_antivirus:6.1:::::::*
	cpe:2.3:a:broadcom:etrust_ez_antivirus:7:::::::*
	cpe:2.3:a:broadcom:etrust_intrusion_detection:3.0:::::::*
	cpe:2.3:a:ca:etrust_intrusion_detection:3.0:sp1::::::
	cpe:2.3:a:broadcom:unicenter_network_and_systems_management:11:::::::*
	cpe:2.3:a:broadcom:unicenter_network_and_systems_management:11.1:::::::*
	cpe:2.3:a:broadcom:anti-virus_for_the_enterprise:7.0:::::::*
	cpe:2.3:a:ca:protection_suites:r2:::::::*
	cpe:2.3:a:broadcom:anti-spyware:2007:::::::*
	cpe:2.3:a:broadcom:anti_virus_sdk::::::::
	cpe:2.3:a:broadcom:anti-virus_for_the_enterprise:7.1:::::::*
	cpe:2.3:a:broadcom:antispyware_for_the_enterprise:8.1:::::::*
	cpe:2.3:a:broadcom:antispyware_for_the_enterprise:8:::::::*
	cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.5:::::::*
	cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.1:::::::*
	cpe:2.3:a:broadcom:brightstor_arcserve_client::::::::
	cpe:2.3:a:broadcom:brightstor_enterprise_backup:10.5:::::::*
	cpe:2.3:a:broadcom:common_services:11.1:::::::*
	cpe:2.3:a:broadcom:etrust_antivirus:8:::::::*
	cpe:2.3:a:broadcom:etrust_antivirus_gateway:7.1:::::::*
	cpe:2.3:a:broadcom:etrust_ez_armor:1:::::::*
	cpe:2.3:a:broadcom:etrust_ez_armor:2:::::::*
	cpe:2.3:a:broadcom:etrust_internet_security_suite:2:::::::*
	cpe:2.3:a:broadcom:etrust_intrusion_detection:2.0:::::::*
	cpe:2.3:a:broadcom:internet_security_suite:3.0:::::::*
	cpe:2.3:a:broadcom:secure_content_manager:8.0:::::::*
	cpe:2.3:a:broadcom:threat_manager:8:::::::*
	cpe:2.3:a:broadcom:unicenter_network_and_systems_management:3.0:::::::*
	cpe:2.3:a:broadcom:unicenter_network_and_systems_management:3.1:::::::*
	cpe:2.3:a:ca:protection_suites:r3:::::::*
	cpe:2.3:a:broadcom:anti-virus_for_the_enterprise::::::::
	cpe:2.3:a:broadcom:antivirus_sdk::::::::
	cpe:2.3:a:broadcom:brigthstor_arcserve_client_for_windows::::::::
	cpe:2.3:a:broadcom:common_services:11:::::::*
	cpe:2.3:a:broadcom:etrust_ez_armor:3:::::::*
	cpe:2.3:a:broadcom:etrust_internet_security_suite:1:::::::*
	cpe:2.3:a:broadcom:secure_content_manager:1.1:::::::*

Information

Published : 2007-07-25 17:30

Updated : 2021-04-14 08:34

NVD link : CVE-2007-3875

Mitre link : CVE-2007-3875

JSON object : View

CWE

NVD-CWE-Other

Products Affected

broadcom

anti-virus_for_the_enterprise
etrust_antivirus
antivirus_sdk
anti-spyware
threat_manager
etrust_antivirus_gateway
etrust_internet_security_suite
antispyware_for_the_enterprise
brightstor_enterprise_backup
internet_security_suite
brightstor_arcserve_backup
common_services
brigthstor_arcserve_client_for_windows
brightstor_arcserve_client
etrust_intrusion_detection
anti_virus_sdk
etrust_ez_antivirus
unicenter_network_and_systems_management
secure_content_manager
etrust_ez_armor

protection_suites
etrust_intrusion_detection
brightstor_arcserve_backup

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=567", "name": "20070724 Computer Associates AntiVirus CHM File Handling DoS Vulnerability", "tags": ["Patch"], "refsource": "IDEFENSE"}, {"url": "http://supportconnectw.ca.com/public/antivirus/infodocs/caprodarclib-secnot.asp", "name": "http://supportconnectw.ca.com/public/antivirus/infodocs/caprodarclib-secnot.asp", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/25049", "name": "25049", "tags": ["Patch"], "refsource": "BID"}, {"url": "http://secunia.com/advisories/26155", "name": "26155", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=149847", "name": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=149847", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.securitytracker.com/id?1018450", "name": "1018450", "tags": [], "refsource": "SECTRACK"}, {"url": "http://www.vupen.com/english/advisories/2007/2639", "name": "ADV-2007-2639", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35573", "name": "ca-arclib-chm-dos(35573)", "tags": [], "refsource": "XF"}, {"url": "http://www.securityfocus.com/archive/1/474683/100/0/threaded", "name": "20070726 RE: [CAID 35525, 35526]: CA Products Arclib Library Denial of Service Vulnerabilities", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://www.securityfocus.com/archive/1/474605/100/100/threaded", "name": "20070725 n.runs-SA-2007.024 - CA eTrust Antivirus Infinite Loop DoS (remote) Advisory", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://www.securityfocus.com/archive/1/474601/100/0/threaded", "name": "20070725 [CAID 35525, 35526]: CA Products Arclib Library Denial of Service Vulnerabilities", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "arclib.dll before 7.3.0.9 in CA Anti-Virus (formerly eTrust Antivirus) 8 and certain other CA products allows remote attackers to cause a denial of service (infinite loop and loss of antivirus functionality) via an invalid \"previous listing chunk number\" field in a CHM file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2007-3875", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2007-07-26T00:30Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:broadcom:anti-virus_for_the_enterprise:8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:broadcom:anti-virus_for_the_enterprise:8.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ca:brightstor_arcserve_backup:11:*:windows:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:9.01:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:broadcom:etrust_ez_antivirus:6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:broadcom:etrust_ez_antivirus:7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:broadcom:etrust_intrusion_detection:3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ca:etrust_intrusion_detection:3.0:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:broadcom:unicenter_network_and_systems_management:11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:broadcom:unicenter_network_and_systems_management:11.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:broadcom:anti-virus_for_the_enterprise:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ca:protection_suites:r2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:broadcom:anti-spyware:2007:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:broadcom:anti_virus_sdk:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:broadcom:anti-virus_for_the_enterprise:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:broadcom:antispyware_for_the_enterprise:8.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:broadcom:antispyware_for_the_enterprise:8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:broadcom:brightstor_arcserve_client:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:broadcom:brightstor_enterprise_backup:10.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:broadcom:common_services:11.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:broadcom:etrust_antivirus:8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:broadcom:etrust_antivirus_gateway:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:broadcom:etrust_ez_armor:1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:broadcom:etrust_ez_armor:2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:broadcom:etrust_internet_security_suite:2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:broadcom:etrust_intrusion_detection:2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:broadcom:internet_security_suite:3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:broadcom:secure_content_manager:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:broadcom:threat_manager:8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:broadcom:unicenter_network_and_systems_management:3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:broadcom:unicenter_network_and_systems_management:3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ca:protection_suites:r3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:broadcom:anti-virus_for_the_enterprise:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "8"}, {"cpe23Uri": "cpe:2.3:a:broadcom:antivirus_sdk:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:broadcom:brigthstor_arcserve_client_for_windows:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:broadcom:common_services:11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:broadcom:etrust_ez_armor:3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:broadcom:etrust_internet_security_suite:1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:broadcom:secure_content_manager:1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2021-04-14T15:34Z"}

4.3 /10