Vulnerabilities > CVE-2007-3875

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

broadcom

NVD

Published: 2007-07-26

Updated: 2021-04-14

Summary

arclib.dll before 7.3.0.9 in CA Anti-Virus (formerly eTrust Antivirus) 8 and certain other CA products allows remote attackers to cause a denial of service (infinite loop and loss of antivirus functionality) via an invalid "previous listing chunk number" field in a CHM file.

Vulnerable Configurations

Part	Description	Count
Application	Broadcom Broadcom Anti Spyware 2007 Broadcom Anti Virus FOR THE Enterprise 7.0 Broadcom Anti Virus FOR THE Enterprise 7.1 Broadcom Anti Virus FOR THE Enterprise 8 Broadcom Anti Virus FOR THE Enterprise 8.1 Broadcom Anti Virus SDK * Broadcom Antispyware FOR THE Enterprise 8 Broadcom Antispyware FOR THE Enterprise 8.1 Broadcom Antivirus SDK * Broadcom Brightstor Arcserve Backup 9.01 Broadcom Brightstor Arcserve Backup 11.1 Broadcom Brightstor Arcserve Backup 11.5 Broadcom Brightstor Arcserve Client * Broadcom Brightstor Enterprise Backup 10.5 Broadcom Brigthstor Arcserve Client FOR Windows * Broadcom Common Services 11 Broadcom Common Services 11.1 Broadcom Etrust Antivirus 8 Broadcom Etrust Antivirus Gateway 7.1 Broadcom Etrust EZ Antivirus 6.1 Broadcom Etrust EZ Antivirus 7 Broadcom Etrust EZ Armor 1 Broadcom Etrust EZ Armor 2 Broadcom Etrust EZ Armor 3 Broadcom Etrust Internet Security Suite 1 Broadcom Etrust Internet Security Suite 2 Broadcom Etrust Intrusion Detection 2.0 Broadcom Etrust Intrusion Detection 3.0 Broadcom Internet Security Suite 3.0 Broadcom Secure Content Manager 1.1 Broadcom Secure Content Manager 8.0 Broadcom Threat Manager 8 Broadcom Unicenter Network AND Systems Management 3.0 Broadcom Unicenter Network AND Systems Management 3.1 Broadcom Unicenter Network AND Systems Management 11 Broadcom Unicenter Network AND Systems Management 11.1	36
Application	Ca CA Brightstor Arcserve Backup 11 CA Etrust Intrusion Detection 3.0 CA Protection Suites R2 CA Protection Suites R3	4

Seebug

bulletinFamily	exploit
description	BUGTRAQ ID: 25049 CVE(CAN) ID: CVE-2007-3875 eTrust是CA推出的系列杀毒产品，现在更名为Anti-Virus for the Enterprise、Threat Manager、Anti-Spyware for the Enterprise等产品。 eTrust产品中的Arclib.DLL库存在安全漏洞，如果杀毒引擎扫描到了设置有无效previous listing chunk number字段的畸形CHM文件，扫描程序就会陷入死循环，无法再处理其他文件。 Computer Associates eTrust Antivirus r8.1 Computer Associates eTrust Antivirus r8 Computer Associates eTrust Antivirus r7.1 Computer Associates eTrust Antivirus r7.0 Computer Associates ------------------- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： <a href="http://supportconnectw.ca.com/public/antivirus/infodocs/caprodarclib-secnot.asp" target="_blank">http://supportconnectw.ca.com/public/antivirus/infodocs/caprodarclib-secnot.asp</a>
id	SSV:2040
last seen	2017-11-19
modified	2007-07-26
published	2007-07-26
reporter	Root
title	CA eTrust多个产品Arclib.DLL畸形CHM文件处理拒绝服务漏洞

Vulnerabilities > CVE-2007-3875 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2007-3875"}]}

Summary

Vulnerable Configurations

Seebug

References

Vulnerabilities > CVE-2007-3875