Vulnerability Name:

CVE-2009-0042 (CCN-48261)

Assigned:2009-01-26
Published:2009-01-26
Updated:2021-04-09
Summary:Multiple unspecified vulnerabilities in the Arclib library (arclib.dll) before 7.3.0.15 in the CA Anti-Virus engine for CA Anti-Virus for the Enterprise 7.1, r8, and r8.1; Anti-Virus 2007 v8 and 2008; Internet Security Suite 2007 v3 and 2008; and other CA products allow remote attackers to bypass virus detection via a malformed archive file.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availability (A): None
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
Vulnerability Type:CWE-noinfo
Vulnerability Consequences:Bypass Security
References:Source: CCN
Type: CA Security Response Blog, Jan 26 2009, 10:50 PM
CA20090126-01: CA Anti-Virus Engine Detection Evasion Multiple Vulnerabilities

Source: CONFIRM
Type: Vendor Advisory
http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/26/ca20090126-01-ca-anti-virus-engine-detection-evasion-multiple-vulnerabilities.aspx

Source: MITRE
Type: CNA
CVE-2009-0042

Source: CCN
Type: SA33712
CA Anti-Virus Engine Archive Files Detection Bypass

Source: CCN
Type: SECTRACK ID: 1021639
CA Anti-Virus Arclib Bug Lets Remote Users Bypass Malware Detection

Source: CONFIRM
Type: UNKNOWN
http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197601

Source: CCN
Type: OSVDB ID: 53604
CA Anti-Virus Arclib Library (arclib.dll) Malformed Archive Scan Bypass

Source: BUGTRAQ
Type: UNKNOWN
20090127 CA20090126-01: CA Anti-Virus Engine Detection Evasion Multiple Vulnerabilities

Source: BID
Type: UNKNOWN
33464

Source: CCN
Type: BID-33464
Computer Associates Anti-Virus Engine 'arclib.dll' Multiple Scan Evasion Vulnerabilities

Source: SECTRACK
Type: UNKNOWN
1021639

Source: VUPEN
Type: UNKNOWN
ADV-2009-0270

Source: XF
Type: UNKNOWN
ca-antivirus-engine-security-bypass(48261)

Source: CCN
Type: CA20090126-01
Security Notice for CA Anti-Virus Engine

Vulnerable Configuration:Configuration 1:
  • cpe:/a:broadcom:anti-virus:2008:*:*:*:*:*:*:*
  • OR cpe:/a:ca:internet_security_suite_plus_2008:*:*:*:*:*:*:*:*
  • OR cpe:/a:ca:internet_security_suite_2008:*:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:anti-spyware:2008:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:anti-spyware_for_the_enterprise:8.1:*:*:*:*:*:*:*
  • OR cpe:/a:ca:etrust_intrusion_detection:2.0:sp1:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_intrusion_detection:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_antivirus:r7:*:*:*:*:*:*:*
  • OR cpe:/a:ca:threat_manager_for_the_enterprise:r8:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:network_and_systems_management:r3.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:network_and_systems_management:r3.1:*:*:*:*:*:*:*
  • OR cpe:/a:ca:internet_security_suite_2007:3:*:*:*:*:*:*:*
  • OR cpe:/a:ca:threat_manager_for_the_enterprise:8.1:*:*:*:*:*:*:*
  • OR cpe:/a:ca:arcserve_backup:r11.1:_nil_:windows:*:*:*:*:*
  • OR cpe:/a:ca:arcserve_backup:r11.5_nil_:windows:*:*:*:*:*:*
  • OR cpe:/a:ca:etrust_intrusion_detection:3.0:sp1:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_intrusion_detection:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:ca:protection_suites:r2:*:*:*:*:*:*:*
  • OR cpe:/a:ca:protection_suites:r3.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:anti-virus_for_the_enterprise:7.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:antivirus_gateway:7.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:secure_content_manager:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:ca:arcserve_backup:r12.0_nil_:windows:*:*:*:*:*:*
  • OR cpe:/a:ca:arcserve_backup:r11.1:_nil_:linux:*:*:*:*:*
  • OR cpe:/a:broadcom:common_services:11:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:common_services:11.1:*:*:*:*:*:*:*
  • OR cpe:/a:ca:protection_suites:r3:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:anti-spyware_for_the_enterprise:r8:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:anti-virus_for_the_enterprise:8.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:anti-virus:2007:8:*:*:*:*:*:*
  • OR cpe:/a:broadcom:secure_content_manager:8.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:anti-spyware:2007:*:*:*:*:*:*:*
  • OR cpe:/a:ca:arcserve_backup:r11.5_nil_:linux:*:*:*:*:*:*
  • OR cpe:/a:broadcom:arcserve_client_agent:-:*:windows:*:*:*:*:*
  • OR cpe:/a:broadcom:anti-virus_sdk:*:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:anti-virus_for_the_enterprise:r8:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_antivirus:r6.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:network_and_systems_management:r11:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:network_and_systems_management:r11.1:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:broadcom:etrust_ez_antivirus:6.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_antivirus:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_antivirus_gateway:7.1:*:*:*:*:*:*:*
  • OR cpe:/a:ca:unicenter_nsm:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:ca:unicenter_nsm:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:brightstor_arcserve_backup:11.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:brightstor_arcserve_backup:11.5:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_pestpatrol:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:ca:internet_security_suite_2007:3:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:anti-virus_for_the_enterprise:8:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_antivirus:8:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:anti-virus_for_the_enterprise:8.1:*:*:*:*:*:*:*
  • OR cpe:/a:ca:threat_manager:8::enterprise:*:*:*:*:*
  • OR cpe:/a:ca:protection_suites:2:*:*:*:*:*:*:*
  • OR cpe:/a:ca:protection_suites:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:secure_content_manager:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_antivirus:8.1:*:*:*:*:*:*:*
  • OR cpe:/a:ca:anti-virus_gateway:7.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:common_services:-:*:*:*:*:*:*:*
  • OR cpe:/a:ca:antivirus_sdk:*:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:anti-virus_for_the_enterprise:7.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:anti-spyware:2007:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_integrated_threat_management:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:ca:etrust_secure_content_manager:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:ca:protection_suites:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:anti-spyware:2008:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    broadcom anti-virus 2008
    ca internet security suite plus 2008 *
    ca internet security suite 2008 *
    broadcom anti-spyware 2008
    broadcom anti-spyware for the enterprise 8.1
    ca etrust intrusion detection 2.0 sp1
    broadcom etrust intrusion detection 3.0
    broadcom etrust ez antivirus r7
    ca threat manager for the enterprise r8
    broadcom network and systems management r3.0
    broadcom network and systems management r3.1
    ca internet security suite 2007 3
    ca threat manager for the enterprise 8.1
    ca arcserve backup r11.1 _nil_
    ca arcserve backup r11.5_nil_ windows
    ca etrust intrusion detection 3.0 sp1
    broadcom etrust intrusion detection 4.0
    ca protection suites r2
    ca protection suites r3.1
    broadcom anti-virus for the enterprise 7.1
    broadcom antivirus gateway 7.1
    broadcom secure content manager 8.0
    ca arcserve backup r12.0_nil_ windows
    ca arcserve backup r11.1 _nil_
    broadcom common services 11
    broadcom common services 11.1
    ca protection suites r3
    broadcom anti-spyware for the enterprise r8
    broadcom anti-virus for the enterprise 8.1
    broadcom anti-virus 2007 8
    broadcom secure content manager 8.1
    broadcom anti-spyware 2007
    ca arcserve backup r11.5_nil_ linux
    broadcom arcserve client agent -
    broadcom anti-virus sdk *
    broadcom anti-virus for the enterprise r8
    broadcom etrust ez antivirus r6.1
    broadcom network and systems management r11
    broadcom network and systems management r11.1
    ca etrust ez antivirus 6.1
    ca etrust ez antivirus 7.0
    ca etrust antivirus gateway 7.1
    ca unicenter nsm 3.0
    ca unicenter nsm 3.1
    ca brightstor arcserve backup 11.1
    ca brightstor arcserve backup 11.5
    ca etrust pestpatrol 8.0
    ca internet security suite 2007 3
    ca anti-virus for the enterprise 8
    ca etrust antivirus 8
    ca anti-virus for the enterprise 8.1
    ca threat manager 8
    ca protection suites 2
    ca protection suites 3.0
    ca secure content manager 8.0
    ca etrust antivirus 8.1
    ca anti-virus gateway 7.1
    ca common services -
    ca antivirus sdk *
    ca anti-virus for the enterprise 7.1
    ca anti-spyware 2007
    ca etrust integrated threat management 8.0
    ca etrust secure content manager 8.0
    ca protection suites 3.1
    ca anti-spyware 2008