CVE-2007-3875

Description

arclib.dll before 7.3.0.9 in CA Anti-Virus (formerly eTrust Antivirus) 8 and certain other CA products allows remote attackers to cause a denial of service (infinite loop and loss of antivirus functionality) via an invalid "previous listing chunk number" field in a CHM file.

Affected products

• Broadcom / anti-spyware2007 – 2007
• Broadcom / antispyware_for_the_enterprise8.1 – 8.1
• Broadcom / antispyware_for_the_enterprise8 – 8
• Broadcom / anti-virus_for_the_enterprise7.1 – 7.1
• Broadcom / anti-virus_for_the_enterprise8 – 8
• Broadcom / anti-virus_for_the_enterprise8.1 – 8.1
• Broadcom / anti-virus_for_the_enterprise8
• Broadcom / anti-virus_for_the_enterprise7.0 – 7.0
• Broadcom / anti-virus_sdk
• Broadcom / antivirus_sdk
• Broadcom / brightstor_arcserve_backup9.01 – 9.01
• Broadcom / brightstor_arcserve_backup11.1 – 11.1
• Broadcom / brightstor_arcserve_backup11.5 – 11.5
• Broadcom / brightstor_arcserve_client
• Broadcom / brightstor_enterprise_backup10.5 – 10.5
• Broadcom / brigthstor_arcserve_client_for_windows
• Broadcom / common_services11 – 11
• Broadcom / common_services11.1 – 11.1
• Broadcom / etrust_antivirus8 – 8
• Broadcom / etrust_antivirus_gateway7.1 – 7.1
• Broadcom / etrust_ez_antivirus6.1 – 6.1
• Broadcom / etrust_ez_antivirus7 – 7
• Broadcom / etrust_ez_armor1 – 1
• Broadcom / etrust_ez_armor2 – 2
• Broadcom / etrust_ez_armor3 – 3
• Broadcom / etrust_internet_security_suite1 – 1
• Broadcom / etrust_internet_security_suite2 – 2
• Broadcom / etrust_intrusion_detection2.0 – 2.0
• Broadcom / etrust_intrusion_detection3.0 – 3.0
• Broadcom / internet_security_suite3.0 – 3.0
• Broadcom / secure_content_manager1.1 – 1.1
• Broadcom / secure_content_manager8.0 – 8.0
• Broadcom / threat_manager8 – 8
• Broadcom / unicenter_network_and_systems_management3.0 – 3.0
• Broadcom / unicenter_network_and_systems_management3.1 – 3.1
• Broadcom / unicenter_network_and_systems_management11 – 11
• Broadcom / unicenter_network_and_systems_management11.1 – 11.1
• ca / brightstor_arcserve_backup11 – 11
• ca / etrust_intrusion_detection3.0 – 3.0
• ca / protection_suitesr2 – r2
• ca / protection_suitesr3 – r3

References

• MISChttp://www.securitytracker.com/id?1018450
• MISChttp://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=149847
• MISChttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=567
• MISChttp://www.securityfocus.com/archive/1/474605/100/100/threaded
• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2007/2639
• MISChttp://www.securityfocus.com/archive/1/474601/100/0/threaded
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/35573
• MISChttp://www.securityfocus.com/archive/1/474683/100/0/threaded
• MISChttp://supportconnectw.ca.com/public/antivirus/infodocs/caprodarclib-secnot.asp
• MISChttp://www.securityfocus.com/bid/25049
• VENDOR_ADVISORYhttp://secunia.com/advisories/26155