Vulnerabilites related to broadcom - anti-virus_for_the_enterprise
CVE-2007-2864 (GCVE-0-2007-2864)
Vulnerability from cvelistv5
Published
2007-06-06 21:00
Modified
2024-08-07 13:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a large invalid value of the coffFiles field in a .CAB file.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:57:54.318Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "24330",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24330"
},
{
"name": "20070605 ZDI-07-035: CA Multiple Product AV Engine CAB Header Parsing Stack Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/470602/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securitynotice.asp"
},
{
"name": "VU#105105",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/105105"
},
{
"name": "ADV-2007-2072",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2072"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-035.html"
},
{
"name": "20070607 [CAID 35395, 35396]: CA Anti-Virus Engine CAB File Buffer Overflow Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/470754/100/0/threaded"
},
{
"name": "ca-multiple-antivirus-cofffiles-bo(34737)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34737"
},
{
"name": "1018199",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018199"
},
{
"name": "35245",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/35245"
},
{
"name": "25570",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25570"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-06-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a large invalid value of the coffFiles field in a .CAB file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "24330",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24330"
},
{
"name": "20070605 ZDI-07-035: CA Multiple Product AV Engine CAB Header Parsing Stack Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/470602/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securitynotice.asp"
},
{
"name": "VU#105105",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/105105"
},
{
"name": "ADV-2007-2072",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2072"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-035.html"
},
{
"name": "20070607 [CAID 35395, 35396]: CA Anti-Virus Engine CAB File Buffer Overflow Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/470754/100/0/threaded"
},
{
"name": "ca-multiple-antivirus-cofffiles-bo(34737)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34737"
},
{
"name": "1018199",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018199"
},
{
"name": "35245",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/35245"
},
{
"name": "25570",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25570"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2864",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a large invalid value of the coffFiles field in a .CAB file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "24330",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24330"
},
{
"name": "20070605 ZDI-07-035: CA Multiple Product AV Engine CAB Header Parsing Stack Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/470602/100/0/threaded"
},
{
"name": "http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securitynotice.asp",
"refsource": "CONFIRM",
"url": "http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securitynotice.asp"
},
{
"name": "VU#105105",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/105105"
},
{
"name": "ADV-2007-2072",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2072"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-07-035.html",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-035.html"
},
{
"name": "20070607 [CAID 35395, 35396]: CA Anti-Virus Engine CAB File Buffer Overflow Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/470754/100/0/threaded"
},
{
"name": "ca-multiple-antivirus-cofffiles-bo(34737)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34737"
},
{
"name": "1018199",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018199"
},
{
"name": "35245",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/35245"
},
{
"name": "25570",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25570"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2864",
"datePublished": "2007-06-06T21:00:00",
"dateReserved": "2007-05-24T00:00:00",
"dateUpdated": "2024-08-07T13:57:54.318Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2863 (GCVE-0-2007-2863)
Vulnerability from cvelistv5
Published
2007-06-06 21:00
Modified
2024-08-07 13:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a long filename in a .CAB file.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:57:53.937Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ca-multiple-antivirus-cab-bo(34741)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34741"
},
{
"name": "2790",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2790"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securitynotice.asp"
},
{
"name": "20070605 ZDI-07-034: CA Multiple Product AV Engine CAB Filename Parsing Stack Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/470601/100/0/threaded"
},
{
"name": "ADV-2007-2072",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2072"
},
{
"name": "24331",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24331"
},
{
"name": "20070607 [CAID 35395, 35396]: CA Anti-Virus Engine CAB File Buffer Overflow Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/470754/100/0/threaded"
},
{
"name": "35244",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/35244"
},
{
"name": "1018199",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018199"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-034.html"
},
{
"name": "VU#739409",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/739409"
},
{
"name": "25570",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25570"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-06-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a long filename in a .CAB file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ca-multiple-antivirus-cab-bo(34741)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34741"
},
{
"name": "2790",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2790"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securitynotice.asp"
},
{
"name": "20070605 ZDI-07-034: CA Multiple Product AV Engine CAB Filename Parsing Stack Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/470601/100/0/threaded"
},
{
"name": "ADV-2007-2072",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2072"
},
{
"name": "24331",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24331"
},
{
"name": "20070607 [CAID 35395, 35396]: CA Anti-Virus Engine CAB File Buffer Overflow Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/470754/100/0/threaded"
},
{
"name": "35244",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/35244"
},
{
"name": "1018199",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018199"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-034.html"
},
{
"name": "VU#739409",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/739409"
},
{
"name": "25570",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25570"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2863",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a long filename in a .CAB file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ca-multiple-antivirus-cab-bo(34741)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34741"
},
{
"name": "2790",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2790"
},
{
"name": "http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securitynotice.asp",
"refsource": "CONFIRM",
"url": "http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securitynotice.asp"
},
{
"name": "20070605 ZDI-07-034: CA Multiple Product AV Engine CAB Filename Parsing Stack Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/470601/100/0/threaded"
},
{
"name": "ADV-2007-2072",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2072"
},
{
"name": "24331",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24331"
},
{
"name": "20070607 [CAID 35395, 35396]: CA Anti-Virus Engine CAB File Buffer Overflow Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/470754/100/0/threaded"
},
{
"name": "35244",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/35244"
},
{
"name": "1018199",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018199"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-07-034.html",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-034.html"
},
{
"name": "VU#739409",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/739409"
},
{
"name": "25570",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25570"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2863",
"datePublished": "2007-06-06T21:00:00",
"dateReserved": "2007-05-24T00:00:00",
"dateUpdated": "2024-08-07T13:57:53.937Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-3587 (GCVE-0-2009-3587)
Vulnerability from cvelistv5
Published
2009-10-13 10:00
Modified
2024-08-07 06:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) through Plus 2009; and other CA products allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted RAR archive file that triggers heap corruption, a different vulnerability than CVE-2009-3588.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:31:10.544Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=218878"
},
{
"name": "58691",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/58691"
},
{
"name": "36976",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36976"
},
{
"name": "1022999",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022999"
},
{
"name": "ADV-2009-2852",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2852"
},
{
"name": "ca-rar-code-execution(53697)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53697"
},
{
"name": "20091009 CA20091008-01: Security Notice for CA Anti-Virus Engine",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/507068/100/0/threaded"
},
{
"name": "36653",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36653"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-10-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) through Plus 2009; and other CA products allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted RAR archive file that triggers heap corruption, a different vulnerability than CVE-2009-3588."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=218878"
},
{
"name": "58691",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/58691"
},
{
"name": "36976",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36976"
},
{
"name": "1022999",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022999"
},
{
"name": "ADV-2009-2852",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2852"
},
{
"name": "ca-rar-code-execution(53697)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53697"
},
{
"name": "20091009 CA20091008-01: Security Notice for CA Anti-Virus Engine",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/507068/100/0/threaded"
},
{
"name": "36653",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36653"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3587",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) through Plus 2009; and other CA products allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted RAR archive file that triggers heap corruption, a different vulnerability than CVE-2009-3588."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=218878",
"refsource": "CONFIRM",
"url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=218878"
},
{
"name": "58691",
"refsource": "OSVDB",
"url": "http://osvdb.org/58691"
},
{
"name": "36976",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36976"
},
{
"name": "1022999",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022999"
},
{
"name": "ADV-2009-2852",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2852"
},
{
"name": "ca-rar-code-execution(53697)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53697"
},
{
"name": "20091009 CA20091008-01: Security Notice for CA Anti-Virus Engine",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/507068/100/0/threaded"
},
{
"name": "36653",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36653"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3587",
"datePublished": "2009-10-13T10:00:00",
"dateReserved": "2009-10-08T00:00:00",
"dateUpdated": "2024-08-07T06:31:10.544Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4620 (GCVE-0-2007-4620)
Vulnerability from cvelistv5
Published
2008-04-07 18:00
Modified
2024-08-07 15:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple stack-based buffer overflows in Computer Associates (CA) Alert Notification Service (Alert.exe) 8.1.586.0, 8.0.450.0, and 7.1.758.0, as used in multiple CA products including Anti-Virus for the Enterprise 7.1 through r11.1 and Threat Manager for the Enterprise 8.1 and r8, allow remote authenticated users to execute arbitrary code via crafted RPC requests.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:01:09.882Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1019790",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019790"
},
{
"name": "3799",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3799"
},
{
"name": "1019789",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019789"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=173103"
},
{
"name": "ca-alertnotificationserver-bo(41639)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41639"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2008/04/04/ca-alert-notification-server-multiple-vulnerabilities.aspx"
},
{
"name": "ADV-2008-1103",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1103/references"
},
{
"name": "20080404 CA Alert Notification Server Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/490466/100/0/threaded"
},
{
"name": "28605",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28605"
},
{
"name": "29665",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29665"
},
{
"name": "20080403 Computer Associates Alert Notification Service Multiple RPC Buffer Overflow Vulnerabilities",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=679"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in Computer Associates (CA) Alert Notification Service (Alert.exe) 8.1.586.0, 8.0.450.0, and 7.1.758.0, as used in multiple CA products including Anti-Virus for the Enterprise 7.1 through r11.1 and Threat Manager for the Enterprise 8.1 and r8, allow remote authenticated users to execute arbitrary code via crafted RPC requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1019790",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019790"
},
{
"name": "3799",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3799"
},
{
"name": "1019789",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019789"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=173103"
},
{
"name": "ca-alertnotificationserver-bo(41639)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41639"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2008/04/04/ca-alert-notification-server-multiple-vulnerabilities.aspx"
},
{
"name": "ADV-2008-1103",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1103/references"
},
{
"name": "20080404 CA Alert Notification Server Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/490466/100/0/threaded"
},
{
"name": "28605",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28605"
},
{
"name": "29665",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29665"
},
{
"name": "20080403 Computer Associates Alert Notification Service Multiple RPC Buffer Overflow Vulnerabilities",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=679"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4620",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in Computer Associates (CA) Alert Notification Service (Alert.exe) 8.1.586.0, 8.0.450.0, and 7.1.758.0, as used in multiple CA products including Anti-Virus for the Enterprise 7.1 through r11.1 and Threat Manager for the Enterprise 8.1 and r8, allow remote authenticated users to execute arbitrary code via crafted RPC requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1019790",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019790"
},
{
"name": "3799",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3799"
},
{
"name": "1019789",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019789"
},
{
"name": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=173103",
"refsource": "CONFIRM",
"url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=173103"
},
{
"name": "ca-alertnotificationserver-bo(41639)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41639"
},
{
"name": "http://community.ca.com/blogs/casecurityresponseblog/archive/2008/04/04/ca-alert-notification-server-multiple-vulnerabilities.aspx",
"refsource": "CONFIRM",
"url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2008/04/04/ca-alert-notification-server-multiple-vulnerabilities.aspx"
},
{
"name": "ADV-2008-1103",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1103/references"
},
{
"name": "20080404 CA Alert Notification Server Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/490466/100/0/threaded"
},
{
"name": "28605",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28605"
},
{
"name": "29665",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29665"
},
{
"name": "20080403 Computer Associates Alert Notification Service Multiple RPC Buffer Overflow Vulnerabilities",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=679"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4620",
"datePublished": "2008-04-07T18:00:00",
"dateReserved": "2007-08-30T00:00:00",
"dateUpdated": "2024-08-07T15:01:09.882Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-3588 (GCVE-0-2009-3588)
Vulnerability from cvelistv5
Published
2009-10-13 10:00
Modified
2024-08-07 06:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) through Plus 2009; and other CA products allows remote attackers to cause a denial of service via a crafted RAR archive file that triggers stack corruption, a different vulnerability than CVE-2009-3587.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:31:10.558Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ca-rar-dos(53698)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53698"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=218878"
},
{
"name": "36976",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36976"
},
{
"name": "1022999",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022999"
},
{
"name": "ADV-2009-2852",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2852"
},
{
"name": "20091009 CA20091008-01: Security Notice for CA Anti-Virus Engine",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/507068/100/0/threaded"
},
{
"name": "36653",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36653"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-10-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) through Plus 2009; and other CA products allows remote attackers to cause a denial of service via a crafted RAR archive file that triggers stack corruption, a different vulnerability than CVE-2009-3587."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ca-rar-dos(53698)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53698"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=218878"
},
{
"name": "36976",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36976"
},
{
"name": "1022999",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022999"
},
{
"name": "ADV-2009-2852",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2852"
},
{
"name": "20091009 CA20091008-01: Security Notice for CA Anti-Virus Engine",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/507068/100/0/threaded"
},
{
"name": "36653",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36653"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3588",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) through Plus 2009; and other CA products allows remote attackers to cause a denial of service via a crafted RAR archive file that triggers stack corruption, a different vulnerability than CVE-2009-3587."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ca-rar-dos(53698)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53698"
},
{
"name": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=218878",
"refsource": "CONFIRM",
"url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=218878"
},
{
"name": "36976",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36976"
},
{
"name": "1022999",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022999"
},
{
"name": "ADV-2009-2852",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2852"
},
{
"name": "20091009 CA20091008-01: Security Notice for CA Anti-Virus Engine",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/507068/100/0/threaded"
},
{
"name": "36653",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36653"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3588",
"datePublished": "2009-10-13T10:00:00",
"dateReserved": "2009-10-08T00:00:00",
"dateUpdated": "2024-08-07T06:31:10.558Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3875 (GCVE-0-2007-3875)
Vulnerability from cvelistv5
Published
2007-07-26 00:00
Modified
2024-08-07 14:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
arclib.dll before 7.3.0.9 in CA Anti-Virus (formerly eTrust Antivirus) 8 and certain other CA products allows remote attackers to cause a denial of service (infinite loop and loss of antivirus functionality) via an invalid "previous listing chunk number" field in a CHM file.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:37:04.196Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1018450",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018450"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=149847"
},
{
"name": "20070724 Computer Associates AntiVirus CHM File Handling DoS Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=567"
},
{
"name": "20070725 n.runs-SA-2007.024 - CA eTrust Antivirus Infinite Loop DoS (remote) Advisory",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/474605/100/100/threaded"
},
{
"name": "ADV-2007-2639",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2639"
},
{
"name": "20070725 [CAID 35525, 35526]: CA Products Arclib Library Denial of Service Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/474601/100/0/threaded"
},
{
"name": "ca-arclib-chm-dos(35573)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35573"
},
{
"name": "20070726 RE: [CAID 35525, 35526]: CA Products Arclib Library Denial of Service Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/474683/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://supportconnectw.ca.com/public/antivirus/infodocs/caprodarclib-secnot.asp"
},
{
"name": "25049",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25049"
},
{
"name": "26155",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26155"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "arclib.dll before 7.3.0.9 in CA Anti-Virus (formerly eTrust Antivirus) 8 and certain other CA products allows remote attackers to cause a denial of service (infinite loop and loss of antivirus functionality) via an invalid \"previous listing chunk number\" field in a CHM file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1018450",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018450"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=149847"
},
{
"name": "20070724 Computer Associates AntiVirus CHM File Handling DoS Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=567"
},
{
"name": "20070725 n.runs-SA-2007.024 - CA eTrust Antivirus Infinite Loop DoS (remote) Advisory",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/474605/100/100/threaded"
},
{
"name": "ADV-2007-2639",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2639"
},
{
"name": "20070725 [CAID 35525, 35526]: CA Products Arclib Library Denial of Service Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/474601/100/0/threaded"
},
{
"name": "ca-arclib-chm-dos(35573)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35573"
},
{
"name": "20070726 RE: [CAID 35525, 35526]: CA Products Arclib Library Denial of Service Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/474683/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://supportconnectw.ca.com/public/antivirus/infodocs/caprodarclib-secnot.asp"
},
{
"name": "25049",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25049"
},
{
"name": "26155",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26155"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3875",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "arclib.dll before 7.3.0.9 in CA Anti-Virus (formerly eTrust Antivirus) 8 and certain other CA products allows remote attackers to cause a denial of service (infinite loop and loss of antivirus functionality) via an invalid \"previous listing chunk number\" field in a CHM file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1018450",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018450"
},
{
"name": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=149847",
"refsource": "CONFIRM",
"url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=149847"
},
{
"name": "20070724 Computer Associates AntiVirus CHM File Handling DoS Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=567"
},
{
"name": "20070725 n.runs-SA-2007.024 - CA eTrust Antivirus Infinite Loop DoS (remote) Advisory",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/474605/100/100/threaded"
},
{
"name": "ADV-2007-2639",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2639"
},
{
"name": "20070725 [CAID 35525, 35526]: CA Products Arclib Library Denial of Service Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/474601/100/0/threaded"
},
{
"name": "ca-arclib-chm-dos(35573)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35573"
},
{
"name": "20070726 RE: [CAID 35525, 35526]: CA Products Arclib Library Denial of Service Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/474683/100/0/threaded"
},
{
"name": "http://supportconnectw.ca.com/public/antivirus/infodocs/caprodarclib-secnot.asp",
"refsource": "CONFIRM",
"url": "http://supportconnectw.ca.com/public/antivirus/infodocs/caprodarclib-secnot.asp"
},
{
"name": "25049",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25049"
},
{
"name": "26155",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26155"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3875",
"datePublished": "2007-07-26T00:00:00",
"dateReserved": "2007-07-18T00:00:00",
"dateUpdated": "2024-08-07T14:37:04.196Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0042 (GCVE-0-2009-0042)
Vulnerability from cvelistv5
Published
2009-01-28 01:00
Modified
2024-08-07 04:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple unspecified vulnerabilities in the Arclib library (arclib.dll) before 7.3.0.15 in the CA Anti-Virus engine for CA Anti-Virus for the Enterprise 7.1, r8, and r8.1; Anti-Virus 2007 v8 and 2008; Internet Security Suite 2007 v3 and 2008; and other CA products allow remote attackers to bypass virus detection via a malformed archive file.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:17:10.368Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197601"
},
{
"name": "ADV-2009-0270",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0270"
},
{
"name": "ca-antivirus-engine-security-bypass(48261)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48261"
},
{
"name": "33464",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/33464"
},
{
"name": "20090127 CA20090126-01: CA Anti-Virus Engine Detection Evasion Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/500417/100/0/threaded"
},
{
"name": "1021639",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021639"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/26/ca20090126-01-ca-anti-virus-engine-detection-evasion-multiple-vulnerabilities.aspx"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-01-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in the Arclib library (arclib.dll) before 7.3.0.15 in the CA Anti-Virus engine for CA Anti-Virus for the Enterprise 7.1, r8, and r8.1; Anti-Virus 2007 v8 and 2008; Internet Security Suite 2007 v3 and 2008; and other CA products allow remote attackers to bypass virus detection via a malformed archive file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197601"
},
{
"name": "ADV-2009-0270",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0270"
},
{
"name": "ca-antivirus-engine-security-bypass(48261)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48261"
},
{
"name": "33464",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/33464"
},
{
"name": "20090127 CA20090126-01: CA Anti-Virus Engine Detection Evasion Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/500417/100/0/threaded"
},
{
"name": "1021639",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021639"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/26/ca20090126-01-ca-anti-virus-engine-detection-evasion-multiple-vulnerabilities.aspx"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0042",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in the Arclib library (arclib.dll) before 7.3.0.15 in the CA Anti-Virus engine for CA Anti-Virus for the Enterprise 7.1, r8, and r8.1; Anti-Virus 2007 v8 and 2008; Internet Security Suite 2007 v3 and 2008; and other CA products allow remote attackers to bypass virus detection via a malformed archive file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197601",
"refsource": "CONFIRM",
"url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197601"
},
{
"name": "ADV-2009-0270",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0270"
},
{
"name": "ca-antivirus-engine-security-bypass(48261)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48261"
},
{
"name": "33464",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33464"
},
{
"name": "20090127 CA20090126-01: CA Anti-Virus Engine Detection Evasion Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/500417/100/0/threaded"
},
{
"name": "1021639",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021639"
},
{
"name": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/26/ca20090126-01-ca-anti-virus-engine-detection-evasion-multiple-vulnerabilities.aspx",
"refsource": "CONFIRM",
"url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/26/ca20090126-01-ca-anti-virus-engine-detection-evasion-multiple-vulnerabilities.aspx"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0042",
"datePublished": "2009-01-28T01:00:00",
"dateReserved": "2009-01-07T00:00:00",
"dateUpdated": "2024-08-07T04:17:10.368Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2007-06-06 21:30
Modified
2025-04-09 00:30
Severity ?
Summary
Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a long filename in a .CAB file.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://secunia.com/advisories/25570 | Patch, Vendor Advisory | |
| cve@mitre.org | http://securityreason.com/securityalert/2790 | ||
| cve@mitre.org | http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securitynotice.asp | ||
| cve@mitre.org | http://www.kb.cert.org/vuls/id/739409 | US Government Resource | |
| cve@mitre.org | http://www.osvdb.org/35244 | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/470601/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/470754/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/bid/24331 | Patch | |
| cve@mitre.org | http://www.securitytracker.com/id?1018199 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2007/2072 | ||
| cve@mitre.org | http://www.zerodayinitiative.com/advisories/ZDI-07-034.html | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/34741 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/25570 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/2790 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securitynotice.asp | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/739409 | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/35244 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/470601/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/470754/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/24331 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1018199 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/2072 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.zerodayinitiative.com/advisories/ZDI-07-034.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/34741 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | anti-virus_for_the_enterprise | 8 | |
| broadcom | brightstor_arcserve_backup | 9.01 | |
| broadcom | brightstor_arcserve_backup | 11.1 | |
| broadcom | brightstor_arcserve_backup | 11.5 | |
| broadcom | brightstor_enterprise_backup | 10.5 | |
| broadcom | common_services | 1.0 | |
| broadcom | common_services | 1.1 | |
| broadcom | common_services | 2.0 | |
| broadcom | common_services | 2.1 | |
| broadcom | common_services | 2.2 | |
| broadcom | common_services | 3.0 | |
| ca | anti-virus_for_the_enterprise | 8 | |
| ca | brightstor_arcserve_backup | 11 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:broadcom:anti-virus_for_the_enterprise:8:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B76576-ABB1-439E-80B0-0B5AAE14BA45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:9.01:*:*:*:*:*:*:*",
"matchCriteriaId": "F52790F8-0D23-47F4-B7F7-6CB0F7B6EA14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E37161BE-6AF5-40E0-BD63-2C17431D8B36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "477EE032-D183-478F-A2BF-6165277A7414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:brightstor_enterprise_backup:10.5:*:*:*:*:*:*:*",
"matchCriteriaId": "78AA54EA-DAF1-4635-AA1B-E2E49C4BB597",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:common_services:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3A0DD264-59A8-4B76-8D7F-138AEA7B1912",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:common_services:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "062DB370-929D-4FE1-A925-2FB5706C9409",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:common_services:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0D7957A4-D763-488F-B2B1-E00F428AD1AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:common_services:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6F5A6578-902D-4D9F-AB19-C6484E878CEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:common_services:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E2E79928-E5E2-42E5-9E09-58ADF9E76A74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:common_services:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D7587982-C722-4754-8744-8C7D43E191B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:anti-virus_for_the_enterprise:8:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "0662407D-B0D7-4C4A-9F11-D438ED0A186D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:brightstor_arcserve_backup:11:*:windows:*:*:*:*:*",
"matchCriteriaId": "6E236148-4A57-4FDC-A072-A77D3DD2DB53",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a long filename in a .CAB file."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en el motor Anti-Virus antes de contener la actualizaci\u00f3n 30.6 en m\u00faltiples productos CA (antiguamente Computer Associates) permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante un nombre de fichero largo en el fichero .CAB."
}
],
"id": "CVE-2007-2863",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-06-06T21:30:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25570"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/2790"
},
{
"source": "cve@mitre.org",
"url": "http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securitynotice.asp"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/739409"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/35244"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/470601/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/470754/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/24331"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1018199"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/2072"
},
{
"source": "cve@mitre.org",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-034.html"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34741"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25570"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/2790"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securitynotice.asp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/739409"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/35244"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/470601/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/470754/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/24331"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1018199"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/2072"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-034.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34741"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-04-07 18:44
Modified
2025-04-09 00:30
Severity ?
Summary
Multiple stack-based buffer overflows in Computer Associates (CA) Alert Notification Service (Alert.exe) 8.1.586.0, 8.0.450.0, and 7.1.758.0, as used in multiple CA products including Anti-Virus for the Enterprise 7.1 through r11.1 and Threat Manager for the Enterprise 8.1 and r8, allow remote authenticated users to execute arbitrary code via crafted RPC requests.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://community.ca.com/blogs/casecurityresponseblog/archive/2008/04/04/ca-alert-notification-server-multiple-vulnerabilities.aspx | ||
| cve@mitre.org | http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=679 | ||
| cve@mitre.org | http://secunia.com/advisories/29665 | ||
| cve@mitre.org | http://securityreason.com/securityalert/3799 | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/490466/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/bid/28605 | ||
| cve@mitre.org | http://www.securitytracker.com/id?1019789 | ||
| cve@mitre.org | http://www.securitytracker.com/id?1019790 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2008/1103/references | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/41639 | ||
| cve@mitre.org | https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=173103 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://community.ca.com/blogs/casecurityresponseblog/archive/2008/04/04/ca-alert-notification-server-multiple-vulnerabilities.aspx | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=679 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29665 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/3799 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/490466/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/28605 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1019789 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1019790 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/1103/references | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/41639 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=173103 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | anti-virus_for_the_enterprise | 7.1 | |
| broadcom | anti-virus_for_the_enterprise | 8 | |
| broadcom | anti-virus_for_the_enterprise | 8.1 | |
| broadcom | brightstor_arcserve_backup | 11.1 | |
| broadcom | brightstor_arcserve_backup | 11.5 | |
| ca | brightstor_arcserve_backup | 11 | |
| ca | threat_manager_for_the_enterprise | r8 | |
| ca | threat_manager_for_the_enterprise | r8.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:broadcom:anti-virus_for_the_enterprise:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "607CCBDA-7288-4496-A7ED-EF6DED40CA21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:anti-virus_for_the_enterprise:8:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B76576-ABB1-439E-80B0-0B5AAE14BA45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:anti-virus_for_the_enterprise:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FE175BB8-DF9B-4DA0-AD2F-885CC13BB812",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E37161BE-6AF5-40E0-BD63-2C17431D8B36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "477EE032-D183-478F-A2BF-6165277A7414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:brightstor_arcserve_backup:11:*:windows:*:*:*:*:*",
"matchCriteriaId": "6E236148-4A57-4FDC-A072-A77D3DD2DB53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:threat_manager_for_the_enterprise:r8:*:*:*:*:*:*:*",
"matchCriteriaId": "7E7E12A7-F92F-47E3-B810-4019FD885B60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:threat_manager_for_the_enterprise:r8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "72342377-2084-41CB-82BF-ADEEB45BFA4E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in Computer Associates (CA) Alert Notification Service (Alert.exe) 8.1.586.0, 8.0.450.0, and 7.1.758.0, as used in multiple CA products including Anti-Virus for the Enterprise 7.1 through r11.1 and Threat Manager for the Enterprise 8.1 and r8, allow remote authenticated users to execute arbitrary code via crafted RPC requests."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos de buffer basados en pila del servicio Computer Associates (CA) Alert Notification Service (Alert.exe) 8.1.586.0, 8.0.450.0 y 7.1.758.0, usado en varios productos CA incluyendo Anti-Virus para la versi\u00f3n Enterprise 7.1 a la r11.1 y Threat Manager para la versi\u00f3n Enterprise 8.1 y r8, permiten a usuarios autenticados ejecutar c\u00f3digo de su elecci\u00f3n mediante peticiones RPC manipuladas."
}
],
"id": "CVE-2007-4620",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-04-07T18:44:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2008/04/04/ca-alert-notification-server-multiple-vulnerabilities.aspx"
},
{
"source": "cve@mitre.org",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=679"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29665"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/3799"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/490466/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/28605"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1019789"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1019790"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1103/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41639"
},
{
"source": "cve@mitre.org",
"url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=173103"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2008/04/04/ca-alert-notification-server-multiple-vulnerabilities.aspx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=679"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29665"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/3799"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/490466/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/28605"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1019789"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1019790"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1103/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41639"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=173103"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-10-13 10:30
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) through Plus 2009; and other CA products allows remote attackers to cause a denial of service via a crafted RAR archive file that triggers stack corruption, a different vulnerability than CVE-2009-3587.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://secunia.com/advisories/36976 | Vendor Advisory | |
| cve@mitre.org | http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=218878 | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/archive/1/507068/100/0/threaded | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securityfocus.com/bid/36653 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securitytracker.com/id?1022999 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2009/2852 | Patch, Vendor Advisory | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/53698 | VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/36976 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=218878 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/507068/100/0/threaded | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/36653 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1022999 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/2852 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/53698 | VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | anti-virus | 2007 | |
| broadcom | anti-virus | 2008 | |
| broadcom | anti-virus_for_the_enterprise | 7.1 | |
| broadcom | anti-virus_for_the_enterprise | r8 | |
| broadcom | anti-virus_sdk | * | |
| broadcom | common_services | 11 | |
| broadcom | common_services | 11.1 | |
| broadcom | etrust_antivirus | 7.1 | |
| broadcom | etrust_antivirus | 8 | |
| broadcom | etrust_antivirus | 8.1 | |
| broadcom | etrust_integrated_threat_management | 8.1 | |
| broadcom | etrust_intrusion_detection | 3.0 | |
| broadcom | etrust_secure_content_manager | 1.1 | |
| broadcom | internet_security_suite | * | |
| broadcom | internet_security_suite | 3.0 | |
| broadcom | network_and_systems_management | r3.0 | |
| broadcom | network_and_systems_management | r3.1 | |
| broadcom | network_and_systems_management | r11 | |
| broadcom | network_and_systems_management | r11.1 | |
| broadcom | secure_content_manager | 1.1 | |
| broadcom | secure_content_manager | 8.0 | |
| broadcom | unicenter_network_and_systems_management | 3.0 | |
| broadcom | unicenter_network_and_systems_management | 3.1 | |
| broadcom | unicenter_network_and_systems_management | 11 | |
| broadcom | unicenter_network_and_systems_management | 11.1 | |
| ca | anti-virus | 2009 | |
| ca | anti-virus_for_the_enterprise | r8.1 | |
| ca | anti-virus_gateway | 7.1 | |
| ca | anti-virus_plus | 2009 | |
| ca | arcserve_for_windows_client_agent | * | |
| ca | arcserve_for_windows_server_component | * | |
| ca | common_services | 3.1 | |
| ca | etrust_anti-virus_gateway | 7.1 | |
| ca | etrust_anti-virus_sdk | * | |
| ca | etrust_ez_antivirus | r7.1 | |
| ca | etrust_intrusion_detection | 2.0 | |
| ca | etrust_intrusion_detection | 3.0 | |
| ca | etrust_secure_content_manager | 8.0 | |
| ca | gateway_security | r8.1 | |
| ca | internet_security_suite_2008 | * | |
| ca | internet_security_suite_plus_2008 | * | |
| ca | internet_security_suite_plus_2009 | * | |
| ca | protection_suites | r2 | |
| ca | protection_suites | r3 | |
| ca | protection_suites | r3.1 | |
| ca | threat_manager | 8.1 | |
| ca | threat_manager | r8 | |
| ca | threat_manager_total_defense | * | |
| broadcom | arcserve_backup | r12.0 | |
| broadcom | arcserve_backup | r12.0 | |
| ca | arcserve_backup | r11.5 | |
| microsoft | windows | * | |
| ca | arcserve_backup | r11.1 | |
| ca | arcserve_backup | r11.5 | |
| linux | linux_kernel | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:broadcom:anti-virus:2007:8:*:*:*:*:*:*",
"matchCriteriaId": "C469EBBE-EE96-4CED-BD8C-36461750C6A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:anti-virus:2008:*:*:*:*:*:*:*",
"matchCriteriaId": "9C5E892B-0EE8-4B76-97B8-0BAF17E83F49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:anti-virus_for_the_enterprise:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "607CCBDA-7288-4496-A7ED-EF6DED40CA21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:anti-virus_for_the_enterprise:r8:*:*:*:*:*:*:*",
"matchCriteriaId": "11BCD267-E8CE-4A97-B769-5F4CAF9830D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:anti-virus_sdk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "865B7BD2-3AD1-41CA-842B-47BC4F1426DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:common_services:11:*:*:*:*:*:*:*",
"matchCriteriaId": "0E2FA702-184A-44FF-8DEA-7811804EE175",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:common_services:11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D301B65D-A20B-4991-A0D8-DFE3363F162B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:etrust_antivirus:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8A08C715-A351-466D-99EC-006C106A3366",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:etrust_antivirus:8:*:*:*:*:*:*:*",
"matchCriteriaId": "05185A74-8484-419D-A3CE-8603928AF0DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:etrust_antivirus:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "52C533CA-ACB7-4C0F-98E2-B5E51E24A554",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:etrust_integrated_threat_management:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8FD8D5F0-9606-4BBA-B7F9-ACD089B84DC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:etrust_intrusion_detection:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3DDF2EE3-753B-4C7E-84EF-144FA5986A21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:etrust_secure_content_manager:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "69184A5E-4FA9-4896-B6E8-1B9D4D62D099",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:internet_security_suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F30C4FF9-DB76-4B3F-9582-752097B3D521",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:internet_security_suite:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "285013A5-E058-4B2B-B8B6-1BFF72388589",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:network_and_systems_management:r3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0FF55705-42ED-4503-8534-FDEA365E84E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:network_and_systems_management:r3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AB548763-E1A7-4DB1-BE86-ED5AA1CA81BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:network_and_systems_management:r11:*:*:*:*:*:*:*",
"matchCriteriaId": "6B28429A-F343-4BE8-A94D-5A5AC3F6258C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:network_and_systems_management:r11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CFF64064-1C35-4888-BBC2-52F68EF9517F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:secure_content_manager:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4DADD1E6-3454-4C1E-AD46-82D79CB8F528",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:secure_content_manager:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5E02DA21-B25B-4626-BFDC-61AA8AF3537E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:unicenter_network_and_systems_management:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CE9C8A1C-0A55-4CA5-9BB6-2D03EFCFE699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:unicenter_network_and_systems_management:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2EFA39E3-A614-4A64-B29C-86D6F12F1557",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:unicenter_network_and_systems_management:11:*:*:*:*:*:*:*",
"matchCriteriaId": "5B4434A4-EE82-46A1-9293-345991515369",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:unicenter_network_and_systems_management:11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "43CD3B48-C978-4FDB-B157-85F3E971446B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:anti-virus:2009:*:*:*:*:*:*:*",
"matchCriteriaId": "6050CADE-7BAF-45B7-A031-F70558C7CE44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:anti-virus_for_the_enterprise:r8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B0186ADA-0E20-4E14-B9D5-19CDFC1BD98F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:anti-virus_gateway:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FD75FF0F-A36C-40AF-A99E-1596A6A6FE2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:anti-virus_plus:2009:*:*:*:*:*:*:*",
"matchCriteriaId": "BED8CEF9-6AEC-4771-98F7-051E4B3E0848",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:arcserve_for_windows_client_agent:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5603FDAD-A347-4A44-BC45-1ADC44601D65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:arcserve_for_windows_server_component:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5086D7CF-EBAB-4E30-98E0-0D276CC1C707",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:common_services:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7FAD043E-3ABE-46D7-AD17-A68858692A7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:etrust_anti-virus_gateway:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C13B0E1-DCEE-46E5-81A3-C08C07C58B9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:etrust_anti-virus_sdk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "257CC950-F1BB-4D0A-9B05-98A58DB67532",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:etrust_ez_antivirus:r7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A0A641A2-4147-4C41-B102-18417ECA9339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:etrust_intrusion_detection:2.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "29FEABEE-DC17-4620-B088-B24249865931",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:etrust_intrusion_detection:3.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "D10B864B-AA39-4702-A42B-F33BAF2D8059",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:etrust_secure_content_manager:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5DB54A16-5E56-46FC-A49C-56C98C0B8F1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:gateway_security:r8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B44F941C-83DC-4EDA-B258-C35F5EDA819E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:internet_security_suite_2008:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0281F80B-CF9C-482D-B7A9-3B2651BD0567",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:internet_security_suite_plus_2008:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33F7E184-EA23-487C-83ED-65CF8DD2DB18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:internet_security_suite_plus_2009:*:*:*:*:*:*:*:*",
"matchCriteriaId": "951062B1-C72B-4EAF-BA54-6986434036FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:protection_suites:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "47C10BA4-B241-4F65-8FA1-AD88266C03B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:protection_suites:r3:*:*:*:*:*:*:*",
"matchCriteriaId": "253A8082-9AE4-4049-A1D0-B7ACB5C2E8D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:protection_suites:r3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CC845898-3D77-4793-971E-5E1555ED9CDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:threat_manager:8.1:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "0115D81C-2CA2-424C-BE4B-0896C9ADA68E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:threat_manager:r8:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "A38801CD-167E-408E-89BD-52BB1B89041B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:threat_manager_total_defense:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6AEE8BC-8D0E-464F-88B7-5C2C2D372AFA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:broadcom:arcserve_backup:r12.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "0486108C-E36C-4746-919E-C760E10EBAE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:arcserve_backup:r12.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "CD2F60F0-E8B8-46E6-932E-DF9F4457B47C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:arcserve_backup:r11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D8275AC1-81C5-4D9F-A61B-1A908BDDE0F7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ca:arcserve_backup:r11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D8713893-59CE-486A-9262-E755A8F2D58C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:arcserve_backup:r11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D8275AC1-81C5-4D9F-A61B-1A908BDDE0F7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) through Plus 2009; and other CA products allows remote attackers to cause a denial of service via a crafted RAR archive file that triggers stack corruption, a different vulnerability than CVE-2009-3587."
},
{
"lang": "es",
"value": "Vulnerabilidad inespec\u00edfica en el componente arclib en el motor antivirus en CA Anti-Virus para empresas (anteriormente eTrust Antivirus) desde v7.1 hasta r8.1; Anti-Virus desde 2007 (v8) hasta 2009; eTrust EZ Antivirus r7.1; Internet Security Suite desde 2007 (v3) hasta Plus 2009; y otros productos de CA permite a atacantes remotos producir una denegaci\u00f3n de servicio a trav\u00e9s de un archivo RAR manipulado que inicia la corrupci\u00f3n de la pila, una vulnerabilidad diferente que CVE-2009-3587."
}
],
"id": "CVE-2009-3588",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-10-13T10:30:00.627",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36976"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=218878"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/507068/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/36653"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1022999"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2852"
},
{
"source": "cve@mitre.org",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53698"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36976"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=218878"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/507068/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/36653"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1022999"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2852"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53698"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-10-13 10:30
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) through Plus 2009; and other CA products allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted RAR archive file that triggers heap corruption, a different vulnerability than CVE-2009-3588.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://osvdb.org/58691 | Broken Link | |
| cve@mitre.org | http://secunia.com/advisories/36976 | Third Party Advisory | |
| cve@mitre.org | http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=218878 | Broken Link, Patch, Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/archive/1/507068/100/0/threaded | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securityfocus.com/bid/36653 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securitytracker.com/id?1022999 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2009/2852 | Vendor Advisory | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/53697 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/58691 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/36976 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=218878 | Broken Link, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/507068/100/0/threaded | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/36653 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1022999 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/2852 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/53697 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | anti-virus | 2007 | |
| broadcom | anti-virus | 2008 | |
| broadcom | anti-virus_for_the_enterprise | 7.1 | |
| broadcom | anti-virus_for_the_enterprise | r8 | |
| broadcom | anti-virus_sdk | * | |
| broadcom | common_services | 11 | |
| broadcom | common_services | 11.1 | |
| broadcom | etrust_antivirus | 7.1 | |
| broadcom | etrust_antivirus | 8 | |
| broadcom | etrust_antivirus | 8.1 | |
| broadcom | etrust_integrated_threat_management | 8.1 | |
| broadcom | etrust_intrusion_detection | 3.0 | |
| broadcom | etrust_secure_content_manager | 1.1 | |
| broadcom | internet_security_suite | * | |
| broadcom | internet_security_suite | 3.0 | |
| broadcom | network_and_systems_management | r3.0 | |
| broadcom | network_and_systems_management | r3.1 | |
| broadcom | network_and_systems_management | r11 | |
| broadcom | network_and_systems_management | r11.1 | |
| broadcom | secure_content_manager | 1.1 | |
| broadcom | secure_content_manager | 8.0 | |
| broadcom | unicenter_network_and_systems_management | 3.0 | |
| broadcom | unicenter_network_and_systems_management | 3.1 | |
| broadcom | unicenter_network_and_systems_management | 11 | |
| broadcom | unicenter_network_and_systems_management | 11.1 | |
| ca | anti-virus | 2009 | |
| ca | anti-virus_for_the_enterprise | r8.1 | |
| ca | anti-virus_gateway | 7.1 | |
| ca | anti-virus_plus | 2009 | |
| ca | arcserve_backup | r11.5 | |
| ca | arcserve_for_windows_client_agent | * | |
| ca | arcserve_for_windows_server_component | * | |
| ca | common_services | 3.1 | |
| ca | etrust_anti-virus_gateway | 7.1 | |
| ca | etrust_anti-virus_sdk | * | |
| ca | etrust_ez_antivirus | r7.1 | |
| ca | etrust_intrusion_detection | 2.0 | |
| ca | etrust_intrusion_detection | 3.0 | |
| ca | etrust_secure_content_manager | 8.0 | |
| ca | gateway_security | r8.1 | |
| ca | internet_security_suite_2008 | * | |
| ca | internet_security_suite_plus_2008 | * | |
| ca | internet_security_suite_plus_2009 | * | |
| ca | protection_suites | r2 | |
| ca | protection_suites | r3 | |
| ca | protection_suites | r3.1 | |
| ca | threat_manager | 8.1 | |
| ca | threat_manager | r8 | |
| ca | threat_manager_total_defense | * | |
| ca | arcserve_backup | r11.1 | |
| ca | arcserve_backup | r11.5 | |
| linux | linux_kernel | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:broadcom:anti-virus:2007:8:*:*:*:*:*:*",
"matchCriteriaId": "C469EBBE-EE96-4CED-BD8C-36461750C6A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:anti-virus:2008:*:*:*:*:*:*:*",
"matchCriteriaId": "9C5E892B-0EE8-4B76-97B8-0BAF17E83F49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:anti-virus_for_the_enterprise:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "607CCBDA-7288-4496-A7ED-EF6DED40CA21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:anti-virus_for_the_enterprise:r8:*:*:*:*:*:*:*",
"matchCriteriaId": "11BCD267-E8CE-4A97-B769-5F4CAF9830D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:anti-virus_sdk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "865B7BD2-3AD1-41CA-842B-47BC4F1426DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:common_services:11:*:*:*:*:*:*:*",
"matchCriteriaId": "0E2FA702-184A-44FF-8DEA-7811804EE175",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:common_services:11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D301B65D-A20B-4991-A0D8-DFE3363F162B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:etrust_antivirus:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8A08C715-A351-466D-99EC-006C106A3366",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:etrust_antivirus:8:*:*:*:*:*:*:*",
"matchCriteriaId": "05185A74-8484-419D-A3CE-8603928AF0DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:etrust_antivirus:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "52C533CA-ACB7-4C0F-98E2-B5E51E24A554",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:etrust_integrated_threat_management:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8FD8D5F0-9606-4BBA-B7F9-ACD089B84DC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:etrust_intrusion_detection:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3DDF2EE3-753B-4C7E-84EF-144FA5986A21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:etrust_secure_content_manager:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "69184A5E-4FA9-4896-B6E8-1B9D4D62D099",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:internet_security_suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F30C4FF9-DB76-4B3F-9582-752097B3D521",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:internet_security_suite:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "285013A5-E058-4B2B-B8B6-1BFF72388589",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:network_and_systems_management:r3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0FF55705-42ED-4503-8534-FDEA365E84E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:network_and_systems_management:r3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AB548763-E1A7-4DB1-BE86-ED5AA1CA81BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:network_and_systems_management:r11:*:*:*:*:*:*:*",
"matchCriteriaId": "6B28429A-F343-4BE8-A94D-5A5AC3F6258C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:network_and_systems_management:r11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CFF64064-1C35-4888-BBC2-52F68EF9517F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:secure_content_manager:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4DADD1E6-3454-4C1E-AD46-82D79CB8F528",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:secure_content_manager:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5E02DA21-B25B-4626-BFDC-61AA8AF3537E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:unicenter_network_and_systems_management:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CE9C8A1C-0A55-4CA5-9BB6-2D03EFCFE699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:unicenter_network_and_systems_management:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2EFA39E3-A614-4A64-B29C-86D6F12F1557",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:unicenter_network_and_systems_management:11:*:*:*:*:*:*:*",
"matchCriteriaId": "5B4434A4-EE82-46A1-9293-345991515369",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:unicenter_network_and_systems_management:11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "43CD3B48-C978-4FDB-B157-85F3E971446B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:anti-virus:2009:*:*:*:*:*:*:*",
"matchCriteriaId": "6050CADE-7BAF-45B7-A031-F70558C7CE44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:anti-virus_for_the_enterprise:r8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B0186ADA-0E20-4E14-B9D5-19CDFC1BD98F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:anti-virus_gateway:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FD75FF0F-A36C-40AF-A99E-1596A6A6FE2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:anti-virus_plus:2009:*:*:*:*:*:*:*",
"matchCriteriaId": "BED8CEF9-6AEC-4771-98F7-051E4B3E0848",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:arcserve_backup:r11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D8275AC1-81C5-4D9F-A61B-1A908BDDE0F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:arcserve_for_windows_client_agent:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5603FDAD-A347-4A44-BC45-1ADC44601D65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:arcserve_for_windows_server_component:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5086D7CF-EBAB-4E30-98E0-0D276CC1C707",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:common_services:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7FAD043E-3ABE-46D7-AD17-A68858692A7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:etrust_anti-virus_gateway:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C13B0E1-DCEE-46E5-81A3-C08C07C58B9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:etrust_anti-virus_sdk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "257CC950-F1BB-4D0A-9B05-98A58DB67532",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:etrust_ez_antivirus:r7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A0A641A2-4147-4C41-B102-18417ECA9339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:etrust_intrusion_detection:2.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "29FEABEE-DC17-4620-B088-B24249865931",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:etrust_intrusion_detection:3.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "D10B864B-AA39-4702-A42B-F33BAF2D8059",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:etrust_secure_content_manager:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5DB54A16-5E56-46FC-A49C-56C98C0B8F1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:gateway_security:r8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B44F941C-83DC-4EDA-B258-C35F5EDA819E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:internet_security_suite_2008:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0281F80B-CF9C-482D-B7A9-3B2651BD0567",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:internet_security_suite_plus_2008:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33F7E184-EA23-487C-83ED-65CF8DD2DB18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:internet_security_suite_plus_2009:*:*:*:*:*:*:*:*",
"matchCriteriaId": "951062B1-C72B-4EAF-BA54-6986434036FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:protection_suites:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "47C10BA4-B241-4F65-8FA1-AD88266C03B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:protection_suites:r3:*:*:*:*:*:*:*",
"matchCriteriaId": "253A8082-9AE4-4049-A1D0-B7ACB5C2E8D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:protection_suites:r3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CC845898-3D77-4793-971E-5E1555ED9CDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:threat_manager:8.1:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "0115D81C-2CA2-424C-BE4B-0896C9ADA68E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:threat_manager:r8:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "A38801CD-167E-408E-89BD-52BB1B89041B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:threat_manager_total_defense:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6AEE8BC-8D0E-464F-88B7-5C2C2D372AFA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ca:arcserve_backup:r11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D8713893-59CE-486A-9262-E755A8F2D58C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:arcserve_backup:r11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D8275AC1-81C5-4D9F-A61B-1A908BDDE0F7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) through Plus 2009; and other CA products allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted RAR archive file that triggers heap corruption, a different vulnerability than CVE-2009-3588."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en el componente arclib en el motor Anti-Virus en CA Anti-Virus para Enterprise (formalmente eTrust Antivirus) v7.1 hasta v8.1; Anti-Virus 2007 (v8) hasta 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) hasta Plus 2009; y otros productos CA permite a atacantes remotos causar una denegaci\u00f3n de servicio y ejecutar probablemente c\u00f3digo de su elecci\u00f3n a trav\u00e9s del archivo RAR manipulado que provoca una corrupci\u00f3n de la memoria din\u00e1mica, una vulnerabilidad diferente que CVE-2009-3588."
}
],
"id": "CVE-2009-3587",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-10-13T10:30:00.610",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://osvdb.org/58691"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/36976"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Patch",
"Vendor Advisory"
],
"url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=218878"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/507068/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/36653"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1022999"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2852"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53697"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://osvdb.org/58691"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/36976"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Patch",
"Vendor Advisory"
],
"url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=218878"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/507068/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/36653"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1022999"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2852"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53697"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-06-06 21:30
Modified
2025-04-09 00:30
Severity ?
Summary
Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a large invalid value of the coffFiles field in a .CAB file.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://secunia.com/advisories/25570 | Patch, Vendor Advisory | |
| cve@mitre.org | http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securitynotice.asp | ||
| cve@mitre.org | http://www.kb.cert.org/vuls/id/105105 | US Government Resource | |
| cve@mitre.org | http://www.osvdb.org/35245 | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/470602/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/470754/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/bid/24330 | Patch | |
| cve@mitre.org | http://www.securitytracker.com/id?1018199 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2007/2072 | ||
| cve@mitre.org | http://www.zerodayinitiative.com/advisories/ZDI-07-035.html | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/34737 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/25570 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securitynotice.asp | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/105105 | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/35245 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/470602/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/470754/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/24330 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1018199 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/2072 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.zerodayinitiative.com/advisories/ZDI-07-035.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/34737 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | anti-virus_for_the_enterprise | 8 | |
| broadcom | brightstor_arcserve_backup | 9.01 | |
| broadcom | brightstor_arcserve_backup | 10.5 | |
| broadcom | brightstor_arcserve_backup | 11 | |
| broadcom | brightstor_arcserve_backup | 11.1 | |
| broadcom | brightstor_arcserve_backup | 11.5 | |
| broadcom | common_services | 1.0 | |
| broadcom | common_services | 1.1 | |
| broadcom | common_services | 2.0 | |
| broadcom | common_services | 2.1 | |
| broadcom | common_services | 2.2 | |
| broadcom | common_services | 3.0 | |
| broadcom | etrust_antivirus | 8.0 | |
| broadcom | etrust_antivirus | 8.1 | |
| broadcom | etrust_antivirus_gateway | 7.1 | |
| broadcom | etrust_antivirus_sdk | * | |
| broadcom | etrust_ez_antivirus | 6.1 | |
| broadcom | etrust_ez_antivirus | 7.0 | |
| broadcom | etrust_ez_armor | 1.0 | |
| broadcom | etrust_ez_armor | 2.0 | |
| broadcom | etrust_ez_armor | 3.0 | |
| broadcom | etrust_ez_armor | 3.1 | |
| broadcom | integrated_threat_management | 8.0 | |
| broadcom | internet_security_suite | 1.0 | |
| broadcom | internet_security_suite | 2.0 | |
| broadcom | internet_security_suite | 3.0 | |
| broadcom | unicenter_network_and_systems_management | 3.0 | |
| broadcom | unicenter_network_and_systems_management | 3.1 | |
| broadcom | unicenter_network_and_systems_management | 11 | |
| broadcom | unicenter_network_and_systems_management | 11.1 | |
| ca | etrust_secure_content_manager | 8.0 | |
| ca | protection_suites | r2 | |
| ca | protection_suites | r3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:broadcom:anti-virus_for_the_enterprise:8:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B76576-ABB1-439E-80B0-0B5AAE14BA45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:9.01:*:*:*:*:*:*:*",
"matchCriteriaId": "F52790F8-0D23-47F4-B7F7-6CB0F7B6EA14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:10.5:*:*:*:*:*:*:*",
"matchCriteriaId": "443AB333-2C99-42FF-8F4E-A487BF588E85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:11:*:*:*:*:*:*:*",
"matchCriteriaId": "8C339825-77F9-478A-B1F7-A297D5715396",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E37161BE-6AF5-40E0-BD63-2C17431D8B36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "477EE032-D183-478F-A2BF-6165277A7414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:common_services:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3A0DD264-59A8-4B76-8D7F-138AEA7B1912",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:common_services:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "062DB370-929D-4FE1-A925-2FB5706C9409",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:common_services:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0D7957A4-D763-488F-B2B1-E00F428AD1AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:common_services:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6F5A6578-902D-4D9F-AB19-C6484E878CEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:common_services:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E2E79928-E5E2-42E5-9E09-58ADF9E76A74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:common_services:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D7587982-C722-4754-8744-8C7D43E191B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:etrust_antivirus:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "71D3160D-539D-4E26-8B0B-C372315EE700",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:etrust_antivirus:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "52C533CA-ACB7-4C0F-98E2-B5E51E24A554",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:etrust_antivirus_gateway:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7DD2FE1C-8894-41EC-B686-932F0ACC41C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:etrust_antivirus_sdk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F4996345-E5B0-42E2-8592-41B9BC805740",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:etrust_ez_antivirus:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B7D938FC-E8E6-4709-BF6D-EF4833AF7D7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:etrust_ez_antivirus:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "538F7CEC-D8A8-444F-9A9C-D1FF01EA7450",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:etrust_ez_armor:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "714BCFBA-B843-4C14-AA78-F7CF17899D28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:etrust_ez_armor:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C61D9546-7619-465B-B3CA-C60218CD574B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:etrust_ez_armor:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "59035C39-14BA-4874-8874-75AA52D9AA38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:etrust_ez_armor:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4292DD3A-6B79-43E0-8D2F-267375A3CBF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:integrated_threat_management:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C167CC34-95AE-45CD-A1CE-64FF738DE25E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:internet_security_suite:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "74F3CAC8-447B-467B-87C1-DD565B41515A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:internet_security_suite:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B61BE84B-3BDA-489E-94E8-187A1B0F9281",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:internet_security_suite:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "285013A5-E058-4B2B-B8B6-1BFF72388589",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:unicenter_network_and_systems_management:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CE9C8A1C-0A55-4CA5-9BB6-2D03EFCFE699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:unicenter_network_and_systems_management:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2EFA39E3-A614-4A64-B29C-86D6F12F1557",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:unicenter_network_and_systems_management:11:*:*:*:*:*:*:*",
"matchCriteriaId": "5B4434A4-EE82-46A1-9293-345991515369",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:unicenter_network_and_systems_management:11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "43CD3B48-C978-4FDB-B157-85F3E971446B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:etrust_secure_content_manager:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5DB54A16-5E56-46FC-A49C-56C98C0B8F1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:protection_suites:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "47C10BA4-B241-4F65-8FA1-AD88266C03B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:protection_suites:r3:*:*:*:*:*:*:*",
"matchCriteriaId": "253A8082-9AE4-4049-A1D0-B7ACB5C2E8D3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a large invalid value of the coffFiles field in a .CAB file."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en el motor antivirus anterior a la actualizaci\u00f3n de contenido 30.6 de m\u00faltiples productos CA (antiguamente Computer Associates) permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante un valor largo no v\u00e1lido del campo coffFiles en un fichero .CAB."
}
],
"id": "CVE-2007-2864",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-06-06T21:30:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25570"
},
{
"source": "cve@mitre.org",
"url": "http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securitynotice.asp"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/105105"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/35245"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/470602/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/470754/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/24330"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1018199"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/2072"
},
{
"source": "cve@mitre.org",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-035.html"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34737"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25570"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securitynotice.asp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/105105"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/35245"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/470602/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/470754/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/24330"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1018199"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/2072"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-035.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34737"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-07-26 00:30
Modified
2025-04-09 00:30
Severity ?
Summary
arclib.dll before 7.3.0.9 in CA Anti-Virus (formerly eTrust Antivirus) 8 and certain other CA products allows remote attackers to cause a denial of service (infinite loop and loss of antivirus functionality) via an invalid "previous listing chunk number" field in a CHM file.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=567 | Patch | |
| cve@mitre.org | http://secunia.com/advisories/26155 | Patch, Vendor Advisory | |
| cve@mitre.org | http://supportconnectw.ca.com/public/antivirus/infodocs/caprodarclib-secnot.asp | Patch | |
| cve@mitre.org | http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=149847 | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/474601/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/474605/100/100/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/474683/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/bid/25049 | Patch | |
| cve@mitre.org | http://www.securitytracker.com/id?1018450 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2007/2639 | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/35573 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=567 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/26155 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://supportconnectw.ca.com/public/antivirus/infodocs/caprodarclib-secnot.asp | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=149847 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/474601/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/474605/100/100/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/474683/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/25049 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1018450 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/2639 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/35573 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | anti-spyware | 2007 | |
| broadcom | anti-virus_for_the_enterprise | * | |
| broadcom | anti-virus_for_the_enterprise | 7.0 | |
| broadcom | anti-virus_for_the_enterprise | 7.1 | |
| broadcom | anti-virus_for_the_enterprise | 8 | |
| broadcom | anti-virus_for_the_enterprise | 8.1 | |
| broadcom | anti_virus_sdk | * | |
| broadcom | antispyware_for_the_enterprise | 8 | |
| broadcom | antispyware_for_the_enterprise | 8.1 | |
| broadcom | antivirus_sdk | * | |
| broadcom | brightstor_arcserve_backup | 9.01 | |
| broadcom | brightstor_arcserve_backup | 11.1 | |
| broadcom | brightstor_arcserve_backup | 11.5 | |
| broadcom | brightstor_arcserve_client | * | |
| broadcom | brightstor_enterprise_backup | 10.5 | |
| broadcom | brigthstor_arcserve_client_for_windows | * | |
| broadcom | common_services | 11 | |
| broadcom | common_services | 11.1 | |
| broadcom | etrust_antivirus | 8 | |
| broadcom | etrust_antivirus_gateway | 7.1 | |
| broadcom | etrust_ez_antivirus | 6.1 | |
| broadcom | etrust_ez_antivirus | 7 | |
| broadcom | etrust_ez_armor | 1 | |
| broadcom | etrust_ez_armor | 2 | |
| broadcom | etrust_ez_armor | 3 | |
| broadcom | etrust_internet_security_suite | 1 | |
| broadcom | etrust_internet_security_suite | 2 | |
| broadcom | etrust_intrusion_detection | 2.0 | |
| broadcom | etrust_intrusion_detection | 3.0 | |
| broadcom | internet_security_suite | 3.0 | |
| broadcom | secure_content_manager | 1.1 | |
| broadcom | secure_content_manager | 8.0 | |
| broadcom | threat_manager | 8 | |
| broadcom | unicenter_network_and_systems_management | 3.0 | |
| broadcom | unicenter_network_and_systems_management | 3.1 | |
| broadcom | unicenter_network_and_systems_management | 11 | |
| broadcom | unicenter_network_and_systems_management | 11.1 | |
| ca | brightstor_arcserve_backup | 11 | |
| ca | etrust_intrusion_detection | 3.0 | |
| ca | protection_suites | r2 | |
| ca | protection_suites | r3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:broadcom:anti-spyware:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "385B8B52-F5EA-4E13-A7EE-C2D1B694C785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:anti-virus_for_the_enterprise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BCCEAF14-75C0-4B4E-BACB-B84D69A276BA",
"versionEndIncluding": "8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:anti-virus_for_the_enterprise:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ACA94302-1501-4744-8296-6A6CD763DC6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:anti-virus_for_the_enterprise:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "607CCBDA-7288-4496-A7ED-EF6DED40CA21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:anti-virus_for_the_enterprise:8:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B76576-ABB1-439E-80B0-0B5AAE14BA45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:anti-virus_for_the_enterprise:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FE175BB8-DF9B-4DA0-AD2F-885CC13BB812",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:anti_virus_sdk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C02D3C8C-D739-4538-8660-1ED99FFE673F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:antispyware_for_the_enterprise:8:*:*:*:*:*:*:*",
"matchCriteriaId": "4545DACA-EFD3-4764-897B-844C010B49E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:antispyware_for_the_enterprise:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "877B83A0-A399-4B1A-9324-481DF04A104C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:antivirus_sdk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B1A8FDA-3780-440A-BDAB-3BE11BF76951",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:9.01:*:*:*:*:*:*:*",
"matchCriteriaId": "F52790F8-0D23-47F4-B7F7-6CB0F7B6EA14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E37161BE-6AF5-40E0-BD63-2C17431D8B36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "477EE032-D183-478F-A2BF-6165277A7414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_client:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D546DEE1-E8A0-4321-AE5E-1DEEE719FC06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:brightstor_enterprise_backup:10.5:*:*:*:*:*:*:*",
"matchCriteriaId": "78AA54EA-DAF1-4635-AA1B-E2E49C4BB597",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:brigthstor_arcserve_client_for_windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "672B430D-3BE7-4BA0-A0A6-7ABED96DE892",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:common_services:11:*:*:*:*:*:*:*",
"matchCriteriaId": "0E2FA702-184A-44FF-8DEA-7811804EE175",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:common_services:11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D301B65D-A20B-4991-A0D8-DFE3363F162B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:etrust_antivirus:8:*:*:*:*:*:*:*",
"matchCriteriaId": "05185A74-8484-419D-A3CE-8603928AF0DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:etrust_antivirus_gateway:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7DD2FE1C-8894-41EC-B686-932F0ACC41C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:etrust_ez_antivirus:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B7D938FC-E8E6-4709-BF6D-EF4833AF7D7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:etrust_ez_antivirus:7:*:*:*:*:*:*:*",
"matchCriteriaId": "463CBA1F-89DC-4D24-8F27-276406D423ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:etrust_ez_armor:1:*:*:*:*:*:*:*",
"matchCriteriaId": "330B61D3-302D-46A7-92F2-DF68B0BBB1B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:etrust_ez_armor:2:*:*:*:*:*:*:*",
"matchCriteriaId": "76D8B409-194E-4588-AE69-6E42090C443C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:etrust_ez_armor:3:*:*:*:*:*:*:*",
"matchCriteriaId": "7A1FDED6-7616-4F92-B660-47BE99EAD4E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:etrust_internet_security_suite:1:*:*:*:*:*:*:*",
"matchCriteriaId": "C1CC5201-F780-42BD-B859-163E79E65FE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:etrust_internet_security_suite:2:*:*:*:*:*:*:*",
"matchCriteriaId": "B5EF0113-DBFB-41F8-AE3F-B4B8C77ED159",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:etrust_intrusion_detection:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C00221F9-33EE-4221-A5B3-A1AE42A7B9D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:etrust_intrusion_detection:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3DDF2EE3-753B-4C7E-84EF-144FA5986A21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:internet_security_suite:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "285013A5-E058-4B2B-B8B6-1BFF72388589",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:secure_content_manager:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4DADD1E6-3454-4C1E-AD46-82D79CB8F528",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:secure_content_manager:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5E02DA21-B25B-4626-BFDC-61AA8AF3537E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:threat_manager:8:*:*:*:*:*:*:*",
"matchCriteriaId": "BE8EE8B0-CAA6-46CB-8A8E-66F3FD49FEE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:unicenter_network_and_systems_management:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CE9C8A1C-0A55-4CA5-9BB6-2D03EFCFE699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:unicenter_network_and_systems_management:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2EFA39E3-A614-4A64-B29C-86D6F12F1557",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:unicenter_network_and_systems_management:11:*:*:*:*:*:*:*",
"matchCriteriaId": "5B4434A4-EE82-46A1-9293-345991515369",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:unicenter_network_and_systems_management:11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "43CD3B48-C978-4FDB-B157-85F3E971446B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:brightstor_arcserve_backup:11:*:windows:*:*:*:*:*",
"matchCriteriaId": "6E236148-4A57-4FDC-A072-A77D3DD2DB53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:etrust_intrusion_detection:3.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "D10B864B-AA39-4702-A42B-F33BAF2D8059",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:protection_suites:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "47C10BA4-B241-4F65-8FA1-AD88266C03B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:protection_suites:r3:*:*:*:*:*:*:*",
"matchCriteriaId": "253A8082-9AE4-4049-A1D0-B7ACB5C2E8D3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "arclib.dll before 7.3.0.9 in CA Anti-Virus (formerly eTrust Antivirus) 8 and certain other CA products allows remote attackers to cause a denial of service (infinite loop and loss of antivirus functionality) via an invalid \"previous listing chunk number\" field in a CHM file."
},
{
"lang": "es",
"value": "arclib.dll anterior a 7.3.0.9 en CA Anti-Virus (formalmente eTrust Antivirus) 8 y otros ciertos productos CA permiten a atacantes remotos provocar denegaci\u00f3n de servicio (bucles infinitos y perdida de funcionalidad antivirus) a trav\u00e9s de un campo\"listado previo de un trozo de n\u00famero\" en un cierto archivo CHM."
}
],
"id": "CVE-2007-3875",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-07-26T00:30:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=567"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26155"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://supportconnectw.ca.com/public/antivirus/infodocs/caprodarclib-secnot.asp"
},
{
"source": "cve@mitre.org",
"url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=149847"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/474601/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/474605/100/100/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/474683/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/25049"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1018450"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/2639"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35573"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=567"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26155"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://supportconnectw.ca.com/public/antivirus/infodocs/caprodarclib-secnot.asp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=149847"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/474601/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/474605/100/100/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/474683/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/25049"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1018450"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/2639"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35573"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-01-28 01:30
Modified
2025-04-09 00:30
Severity ?
Summary
Multiple unspecified vulnerabilities in the Arclib library (arclib.dll) before 7.3.0.15 in the CA Anti-Virus engine for CA Anti-Virus for the Enterprise 7.1, r8, and r8.1; Anti-Virus 2007 v8 and 2008; Internet Security Suite 2007 v3 and 2008; and other CA products allow remote attackers to bypass virus detection via a malformed archive file.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/26/ca20090126-01-ca-anti-virus-engine-detection-evasion-multiple-vulnerabilities.aspx | Vendor Advisory | |
| cve@mitre.org | http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197601 | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/500417/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/bid/33464 | ||
| cve@mitre.org | http://www.securitytracker.com/id?1021639 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2009/0270 | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/48261 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/26/ca20090126-01-ca-anti-virus-engine-detection-evasion-multiple-vulnerabilities.aspx | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197601 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/500417/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/33464 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1021639 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/0270 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/48261 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | anti-spyware | 2007 | |
| broadcom | anti-spyware | 2008 | |
| broadcom | anti-spyware_for_the_enterprise | 8.1 | |
| broadcom | anti-spyware_for_the_enterprise | r8 | |
| broadcom | anti-virus | 2007 | |
| broadcom | anti-virus | 2008 | |
| broadcom | anti-virus_for_the_enterprise | 7.1 | |
| broadcom | anti-virus_for_the_enterprise | 8.1 | |
| broadcom | anti-virus_for_the_enterprise | r8 | |
| broadcom | anti-virus_sdk | * | |
| broadcom | antivirus_gateway | 7.1 | |
| broadcom | arcserve_client_agent | - | |
| broadcom | common_services | 11 | |
| broadcom | common_services | 11.1 | |
| broadcom | etrust_ez_antivirus | r6.1 | |
| broadcom | etrust_ez_antivirus | r7 | |
| broadcom | etrust_intrusion_detection | 3.0 | |
| broadcom | etrust_intrusion_detection | 4.0 | |
| broadcom | network_and_systems_management | r3.0 | |
| broadcom | network_and_systems_management | r3.1 | |
| broadcom | network_and_systems_management | r11 | |
| broadcom | network_and_systems_management | r11.1 | |
| broadcom | secure_content_manager | 8.0 | |
| broadcom | secure_content_manager | 8.1 | |
| ca | arcserve_backup | r11.1 | |
| ca | arcserve_backup | r11.1 | |
| ca | arcserve_backup | r11.5_nil_ | |
| ca | arcserve_backup | r11.5_nil_ | |
| ca | arcserve_backup | r12.0_nil_ | |
| ca | etrust_intrusion_detection | 2.0 | |
| ca | etrust_intrusion_detection | 3.0 | |
| ca | internet_security_suite_2007 | 3 | |
| ca | internet_security_suite_2008 | * | |
| ca | internet_security_suite_plus_2008 | * | |
| ca | protection_suites | r2 | |
| ca | protection_suites | r3 | |
| ca | protection_suites | r3.1 | |
| ca | threat_manager_for_the_enterprise | 8.1 | |
| ca | threat_manager_for_the_enterprise | r8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:broadcom:anti-spyware:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "385B8B52-F5EA-4E13-A7EE-C2D1B694C785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:anti-spyware:2008:*:*:*:*:*:*:*",
"matchCriteriaId": "145A8680-6EDC-47CB-9754-F29D45251E77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:anti-spyware_for_the_enterprise:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "89F14F0B-C67C-4EF4-81DE-A5DB9A607CEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:anti-spyware_for_the_enterprise:r8:*:*:*:*:*:*:*",
"matchCriteriaId": "EB09F459-B652-4C6F-B481-89E73D750BB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:anti-virus:2007:8:*:*:*:*:*:*",
"matchCriteriaId": "C469EBBE-EE96-4CED-BD8C-36461750C6A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:anti-virus:2008:*:*:*:*:*:*:*",
"matchCriteriaId": "9C5E892B-0EE8-4B76-97B8-0BAF17E83F49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:anti-virus_for_the_enterprise:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "607CCBDA-7288-4496-A7ED-EF6DED40CA21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:anti-virus_for_the_enterprise:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FE175BB8-DF9B-4DA0-AD2F-885CC13BB812",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:anti-virus_for_the_enterprise:r8:*:*:*:*:*:*:*",
"matchCriteriaId": "11BCD267-E8CE-4A97-B769-5F4CAF9830D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:anti-virus_sdk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "865B7BD2-3AD1-41CA-842B-47BC4F1426DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:antivirus_gateway:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2E779636-EBB1-4A8A-BB87-E6759E92BE6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:arcserve_client_agent:-:*:windows:*:*:*:*:*",
"matchCriteriaId": "8E8F42A2-E1D8-4224-8D3F-EA644D490347",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:common_services:11:*:*:*:*:*:*:*",
"matchCriteriaId": "0E2FA702-184A-44FF-8DEA-7811804EE175",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:common_services:11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D301B65D-A20B-4991-A0D8-DFE3363F162B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:etrust_ez_antivirus:r6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C94D2000-2B28-4055-B528-437E2399F2A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:etrust_ez_antivirus:r7:*:*:*:*:*:*:*",
"matchCriteriaId": "E8741DC0-CCDD-456D-B155-24A4A447A2CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:etrust_intrusion_detection:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3DDF2EE3-753B-4C7E-84EF-144FA5986A21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:etrust_intrusion_detection:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2D703BC4-2604-415D-ABA7-E2ED92B82FB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:network_and_systems_management:r3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0FF55705-42ED-4503-8534-FDEA365E84E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:network_and_systems_management:r3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AB548763-E1A7-4DB1-BE86-ED5AA1CA81BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:network_and_systems_management:r11:*:*:*:*:*:*:*",
"matchCriteriaId": "6B28429A-F343-4BE8-A94D-5A5AC3F6258C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:network_and_systems_management:r11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CFF64064-1C35-4888-BBC2-52F68EF9517F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:secure_content_manager:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5E02DA21-B25B-4626-BFDC-61AA8AF3537E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:secure_content_manager:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "77203D28-404B-464B-A444-6D17C91517FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:arcserve_backup:r11.1:_nil_:linux:*:*:*:*:*",
"matchCriteriaId": "7B114475-CA4D-49CB-BAC5-D7282CB3E870",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:arcserve_backup:r11.1:_nil_:windows:*:*:*:*:*",
"matchCriteriaId": "69135166-4E5A-4D22-9EB7-B052D5B5D751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:arcserve_backup:r11.5_nil_:linux:*:*:*:*:*:*",
"matchCriteriaId": "585DAE6C-4516-4D00-987F-4BCE3D68190C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:arcserve_backup:r11.5_nil_:windows:*:*:*:*:*:*",
"matchCriteriaId": "1CC0D532-65D5-491A-A0F3-1FFA1C95F0A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:arcserve_backup:r12.0_nil_:windows:*:*:*:*:*:*",
"matchCriteriaId": "1CBFEC61-C17D-4A3F-A7EA-1F45E729172A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:etrust_intrusion_detection:2.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "29FEABEE-DC17-4620-B088-B24249865931",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:etrust_intrusion_detection:3.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "D10B864B-AA39-4702-A42B-F33BAF2D8059",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:internet_security_suite_2007:3:*:*:*:*:*:*:*",
"matchCriteriaId": "636F7EE3-22C6-4400-AE70-E8AFA0B9E2F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:internet_security_suite_2008:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0281F80B-CF9C-482D-B7A9-3B2651BD0567",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:internet_security_suite_plus_2008:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33F7E184-EA23-487C-83ED-65CF8DD2DB18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:protection_suites:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "47C10BA4-B241-4F65-8FA1-AD88266C03B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:protection_suites:r3:*:*:*:*:*:*:*",
"matchCriteriaId": "253A8082-9AE4-4049-A1D0-B7ACB5C2E8D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:protection_suites:r3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CC845898-3D77-4793-971E-5E1555ED9CDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:threat_manager_for_the_enterprise:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B7FA3811-B3C7-4CD5-A399-EB427BDB50DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:threat_manager_for_the_enterprise:r8:*:*:*:*:*:*:*",
"matchCriteriaId": "7E7E12A7-F92F-47E3-B810-4019FD885B60",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in the Arclib library (arclib.dll) before 7.3.0.15 in the CA Anti-Virus engine for CA Anti-Virus for the Enterprise 7.1, r8, and r8.1; Anti-Virus 2007 v8 and 2008; Internet Security Suite 2007 v3 and 2008; and other CA products allow remote attackers to bypass virus detection via a malformed archive file."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades sin especificar en la bilioteca Arclib (arclib.dll) anterior a v 7.3.0.15 en el motor de CA Anti-Virus para CA Anti-Virus Enterprise v7.1, r8, y r8.1; Anti-Virus 2007 v8 y 2008; Internet Security Suite 2007 v3 y 2008; y otros productos CA, permite a atacantes remotos evitar la detecci\u00f3n de virus a trav\u00e9s de un fichero mal formado."
}
],
"id": "CVE-2009-0042",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-01-28T01:30:00.453",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/26/ca20090126-01-ca-anti-virus-engine-detection-evasion-multiple-vulnerabilities.aspx"
},
{
"source": "cve@mitre.org",
"url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197601"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/500417/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/33464"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1021639"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/0270"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48261"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/26/ca20090126-01-ca-anti-virus-engine-detection-evasion-multiple-vulnerabilities.aspx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197601"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/500417/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/33464"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1021639"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/0270"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48261"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}