Vulnerability Name:

CVE-2007-3875 (CCN-35573)

Assigned: 2007-07-24
Published: 2007-07-24
Updated: 2021-04-14
Summary: arclib.dll before 7.3.0.9 in CA Anti-Virus (formerly eTrust Antivirus) 8 and certain other CA products allows remote attackers to cause a denial of service (infinite loop and loss of antivirus functionality) via an invalid "previous listing chunk number" field in a CHM file.
CVSS v3 Severity: 3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Low
CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P)
1.9 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
Vulnerability Type: CWE-Other
Vulnerability Consequences: Denial of Service
References:
Source: MITRE
Type: CNA
CVE-2007-3875

Source: IDEFENSE
Type: Patch
20070724 Computer Associates AntiVirus CHM File Handling DoS Vulnerability

Source: CCN
Type: SA26155
CA Products CHM and RAR File Processing Denial of Service Vulnerabilities

Source: SECUNIA
Type: Patch, Vendor Advisory
26155

Source: CCN
Type: SECTRACK ID: 1018450
eTrust Antivirus Bugs in Arclib Library Let Remote Users Deny Service

Source: CCN
Type: CA SupportConnect July 24th, 2007
Security Notice for CA products containing Arclib

Source: CONFIRM
Type: Patch
http://supportconnectw.ca.com/public/antivirus/infodocs/caprodarclib-secnot.asp

Source: CONFIRM
Type: UNKNOWN
http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=149847

Source: CCN
Type: n.runs-SA-2007.024
CA eTrust Antivirus Infinite Loop DoS Advisory

Source: CCN
Type: OSVDB ID: 38611
CA Multiple Products arclib.dll Crafted CHM File Processing DoS

Source: BUGTRAQ
Type: UNKNOWN
20070725 [CAID 35525, 35526]: CA Products Arclib Library Denial of Service Vulnerabilities

Source: BUGTRAQ
Type: UNKNOWN
20070725 n.runs-SA-2007.024 - CA eTrust Antivirus Infinite Loop DoS (remote) Advisory

Source: BUGTRAQ
Type: UNKNOWN
20070726 RE: [CAID 35525, 35526]: CA Products Arclib Library Denial of Service Vulnerabilities

Source: BID
Type: Patch
25049

Source: CCN
Type: BID-25049
Computer Associates Multiple Products Arclib.DLL Malformed CHM File Denial Of Service Vulnerability

Source: SECTRACK
Type: UNKNOWN
1018450

Source: VUPEN
Type: UNKNOWN
ADV-2007-2639

Source: XF
Type: UNKNOWN
ca-arclib-chm-dos(35573)

Source: CCN
Type: iDefense Labs PUBLIC ADVISORY: 07.24.07
Computer Associates AntiVirus CHM File Handling DoS Vulnerability

Vulnerable Configuration: Configuration 1:
  • cpe:/a:broadcom:anti-spyware:2007:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:anti-virus_for_the_enterprise:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:anti-virus_for_the_enterprise:7.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:anti-virus_for_the_enterprise:8:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:anti-virus_for_the_enterprise:8.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:anti_virus_sdk:*:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:antispyware_for_the_enterprise:8:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:antispyware_for_the_enterprise:8.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:antivirus_sdk:*:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:brightstor_arcserve_backup:9.01:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:brightstor_arcserve_backup:11.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:brightstor_arcserve_backup:11.5:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:brightstor_arcserve_client:*:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:brightstor_enterprise_backup:10.5:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:brigthstor_arcserve_client_for_windows:*:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:common_services:11:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:common_services:11.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_antivirus:8:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_antivirus_gateway:7.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_antivirus:6.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_antivirus:7:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_armor:1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_armor:2:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_armor:3:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_internet_security_suite:1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_internet_security_suite:2:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_intrusion_detection:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_intrusion_detection:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:internet_security_suite:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:secure_content_manager:1.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:secure_content_manager:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:threat_manager:8:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:unicenter_network_and_systems_management:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:unicenter_network_and_systems_management:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:unicenter_network_and_systems_management:11:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:unicenter_network_and_systems_management:11.1:*:*:*:*:*:*:*
  • OR cpe:/a:ca:brightstor_arcserve_backup:11:*:windows:*:*:*:*:*
  • OR cpe:/a:ca:etrust_intrusion_detection:3.0:sp1:*:*:*:*:*:*
  • OR cpe:/a:ca:protection_suites:r2:*:*:*:*:*:*:*
  • OR cpe:/a:ca:protection_suites:r3:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:broadcom:etrust_ez_armor:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_antivirus:6.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_antivirus:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:ca:brightstor_arcserve_backup:11.0::windows:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_intrusion_detection:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:ca:unicenter_nsm:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:ca:unicenter_nsm:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:brightstor_arcserve_backup:11.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:brightstor_arcserve_backup:11.5:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:brightstor_arcserve_backup:9.01:*:*:*:*:*:*:*
  • OR cpe:/a:ca:internet_security_suite_2007:3:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:brightstor_arcserve_backup:10.5:*:*:*:*:*:*:*
  • OR cpe:/a:ca:etrust_intrusion_detection:3.0:sp1:*:*:*:*:*:*
  • OR cpe:/a:ca:etrust_intrusion_detection:2.0:sp1:*:*:*:*:*:*
  • OR cpe:/a:broadcom:anti-virus_for_the_enterprise:8:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:anti-virus_for_the_enterprise:8.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_internet_security_suite:1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_internet_security_suite:2:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_armor:1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_armor:3:*:*:*:*:*:*:*
  • OR cpe:/a:ca:threat_manager:8::enterprise:*:*:*:*:*
  • OR cpe:/a:ca:protection_suites:2:*:*:*:*:*:*:*
  • OR cpe:/a:ca:protection_suites:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:secure_content_manager:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:ca:anti-virus_gateway:7.1:*:*:*:*:*:*:*
  • OR cpe:/a:ca:antivirus_sdk:*:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:anti-virus_for_the_enterprise:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:anti-virus_for_the_enterprise:7.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:secure_content_manager:1.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:antispyware_for_the_enterprise:8:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:antispyware_for_the_enterprise:8.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:anti-spyware:2007:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:common_services:11:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:common_services:11.1:*:*:*:*:*:*:*
  • OR cpe:/a:ca:brightstor_arcserve_client:*:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    broadcom anti-spyware 2007
    broadcom anti-virus for the enterprise 7.0
    broadcom anti-virus for the enterprise 7.1
    broadcom anti-virus for the enterprise 8
    broadcom anti-virus for the enterprise 8.1
    broadcom anti virus sdk *
    broadcom antispyware for the enterprise 8
    broadcom antispyware for the enterprise 8.1
    broadcom antivirus sdk *
    broadcom brightstor arcserve backup 9.01
    broadcom brightstor arcserve backup 11.1
    broadcom brightstor arcserve backup 11.5
    broadcom brightstor arcserve client *
    broadcom brightstor enterprise backup 10.5
    broadcom brigthstor arcserve client for windows *
    broadcom common services 11
    broadcom common services 11.1
    broadcom etrust antivirus 8
    broadcom etrust antivirus gateway 7.1
    broadcom etrust ez antivirus 6.1
    broadcom etrust ez antivirus 7
    broadcom etrust ez armor 1
    broadcom etrust ez armor 2
    broadcom etrust ez armor 3
    broadcom etrust internet security suite 1
    broadcom etrust internet security suite 2
    broadcom etrust intrusion detection 2.0
    broadcom etrust intrusion detection 3.0
    broadcom internet security suite 3.0
    broadcom secure content manager 1.1
    broadcom secure content manager 8.0
    broadcom threat manager 8
    broadcom unicenter network and systems management 3.0
    broadcom unicenter network and systems management 3.1
    broadcom unicenter network and systems management 11
    broadcom unicenter network and systems management 11.1
    ca brightstor arcserve backup 11
    ca etrust intrusion detection 3.0 sp1
    ca protection suites r2
    ca protection suites r3
    ca etrust ez armor 2.0
    ca etrust ez antivirus 6.1
    ca etrust ez antivirus 7.0
    ca brightstor arcserve backup 11.0
    ca etrust intrusion detection 3.0
    ca unicenter nsm 3.0
    ca unicenter nsm 3.1
    ca brightstor arcserve backup 11.1
    ca brightstor arcserve backup 11.5
    ca brightstor arcserve backup 9.01
    ca internet security suite 2007 3
    ca brightstor arcserve backup 10.5
    ca etrust intrusion detection 3.0 sp1
    ca etrust intrusion detection 2.0 sp1
    ca anti-virus for the enterprise 8
    ca anti-virus for the enterprise 8.1
    ca etrust internet security suite 1
    ca etrust internet security suite 2
    ca etrust ez armor 1
    ca etrust ez armor 3
    ca threat manager 8
    ca protection suites 2
    ca protection suites 3.0
    ca secure content manager 8.0
    ca anti-virus gateway 7.1
    ca antivirus sdk *
    ca anti-virus for the enterprise 7.0
    ca anti-virus for the enterprise 7.1
    ca secure content manager 1.1
    ca antispyware for the enterprise 8
    ca antispyware for the enterprise 8.1
    ca anti-spyware 2007
    ca common services 11
    ca common services 11.1
    ca brightstor arcserve client *