Computer Security
[EN] securityvulns.ru no-pyccku


Computer Associates AntiVirus DoS
Published:25.07.2007
Source:
SecurityVulns ID:7975
Type:remote
Threat Level:
5/10
Description:Buffer overflow on CHM and RAR files parsing.
Affected:CA : eTrust Antivirus 8
CVE:CVE-2007-3875 (arclib.dll before 7.3.0.9 in CA Anti-Virus (formerly eTrust Antivirus) 8 and certain other CA products allows remote attackers to cause a denial of service (infinite loop and loss of antivirus functionality) via an invalid "previous listing chunk number" field in a CHM file.)
 CVE-2006-5645 (Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for Linux before 5.0.10, and other platforms before 4.11, when "Enabled scanning of archives" is set, allows remote attackers to cause a denial of service (infinite loop) via a malformed RAR archive with an Archive Header section with the head_size and pack_size fields set to zero.)
 CVE-2006-5645 (Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for Linux before 5.0.10, and other platforms before 4.11, when "Enabled scanning of archives" is set, allows remote attackers to cause a denial of service (infinite loop) via a malformed RAR archive with an Archive Header section with the head_size and pack_size fields set to zero.)
Original documentdocumentsecurity_(at)_nruns.com, [Full-disclosure] n.runs-SA-2007.024 - CA eTrust Antivirus Infinite Loop DoS (remote) Advisory (25.07.2007)
 documentCA, [Full-disclosure] [CAID 35525, 35526]: CA Products Arclib Library Denial of Service Vulnerabilities (25.07.2007)
 documentIDEFENSE, iDefense Security Advisory 07.24.07: Computer Associates AntiVirus CHM File Handling DoS Vulnerability (25.07.2007)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod