Title: Computer Associates Multiple Products Arclib.DLL Malformed CHM File Denial Of Service Vulnerability
Severity: MODERATE
Description:
Multiple Computer Associates products are prone to a denial-of-service vulnerability. These products include:
CA Anti-Virus for the Enterprise
CA Anti-Virus 2007
eTrust EZ Antivirus
CA Internet Security Suite 2007
eTrust Internet Security Suite
eTrust EZ Armor
CA Threat Manager for the Enterprise
CA Anti-Virus Gateway
CA Protection Suites
CA Secure Content Manager
CA Anti-Spyware for the Enterprise
CA Anti-Spyware 2007
Unicenter Network and Systems Management
BrightStor ARCserve Backup
BrightStor ARCserve Client agent for Windows
eTrust Intrusion Detection
CA Common Services
CA Anti-Virus SDK
This issue occurs because the applications fail to handle malformed CHM files that contain an invalid 'previous listing chunk number' field. This will cause the affected applications to fall into an infinite loop.
An attacker can exploit this issue by constructing a malformed CHM file and enticing an unsuspecting user to open the file using one of the affected applications.
Successfully exploiting this issue will cause the affected applications to stop responding, denying service to legitimate users.
This issue affects applications that use the 'arclib.dll' library versions prior to 7.3.0.9.
Affected Products:
- Computer Associates ARCServe Client agent for Windows
- Computer Associates Anti-Spyware 2007
- Computer Associates Anti-Spyware for the Enterprise r8
- Computer Associates Anti-Spyware for the Enterprise r8.1
- Computer Associates Anti-Virus 2007 8
- Computer Associates Anti-Virus Gateway 7.1
- Computer Associates Anti-Virus SDK
- Computer Associates Anti-Virus for the Enterprise r8
- Computer Associates BrightStor ARCServe Backup 10.5
- Computer Associates BrightStor ARCServe Backup 11.1.0
- Computer Associates BrightStor ARCServe Backup 11.5
- Computer Associates Common Services r11
- Computer Associates Common Services r11.1
- Computer Associates Internet Security Suite 2007 3.0
- Computer Associates Protection Suites r2
- Computer Associates Protection Suites r3
- Computer Associates Unicenter Network and Systems Management 11
- Computer Associates Unicenter Network and Systems Management 11.1
- Computer Associates Unicenter Network and Systems Management 3.0
- Computer Associates Unicenter Network and Systems Management 3.0.0
- Computer Associates Unicenter Network and Systems Management 3.1
- Computer Associates Unicenter Network and Systems Management 3.1.0
- Computer Associates eTrust Antivirus 6.1.0
- Computer Associates eTrust Antivirus 7.0.0
- Computer Associates eTrust Antivirus 7.1.0
- Computer Associates eTrust Antivirus r8
- Computer Associates eTrust Antivirus r8.1
- Computer Associates eTrust EZ Armor 1.0.0
- Computer Associates eTrust EZ Armor 2.0.0
- Computer Associates eTrust EZ Armor 3.0.0
- Computer Associates eTrust EZ Armor 3.1.0
- Computer Associates eTrust Internet Security Suite R2
- Computer Associates eTrust Internet Security Suite r1
- Computer Associates eTrust Intrusion Detection 2.0.0 SP1
- Computer Associates eTrust Intrusion Detection 3.0.0
- Computer Associates eTrust Intrusion Detection 3.0.0 SP 1
- Computer Associates eTrust Secure Content Manager 1.1.0
- Computer Associates eTrust Secure Content Manager 8.0.0
References:
- Computer Associates: Security Notice for CA products containing Arclib
- iDefense Labs: Computer Associates AntiVirus CHM File Handling DoS Vulnerability
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
