CA Products CHM and RAR File Processing Denial of Service Vulnerabilities - Secunia Advisories - Vulnerability Information

Vulnerability Information

Vulnerability Scanning

Community

Blog

Corporate Information

Home > Vulnerability Information > Secunia Advisories > CA Products CHM and RAR File Processing Denial of Service Vulnerabilities

Secunia Advisories

Advisories

Advisories by Product

Business Solutions Restricted

Partner Solutions Restricted

About

CA Products CHM and RAR File Processing Denial of Service Vulnerabilities

Secunia Advisory:

SA26155

Advisory Toolbox:

Issue ticket

Save in to-do list

Mark as handled

Exploit information

Download as PDF

Review actions

Add comment

Release Date:

2007-07-25

Last Update:

2007-07-26

Popularity:

18,410 views

Critical:

Moderately critical

Impact:

DoS

Where:

From remote

Solution Status:

Vendor Patch

Software:

BrightStor ARCserve Backup 11.x
BrightStor ARCserve Backup 11.x (for Microsoft SQL Server)
BrightStor ARCserve Backup 11.x (for Open Files)
BrightStor ARCserve Backup 11.x (for Oracle)
BrightStor ARCserve Backup 11.x (for Windows)
BrightStor ARCserve Backup 9.x
BrightStor ARCserve Backup Client Agent 11.x
BrightStor Enterprise Backup 10.x
CA Anti-Spyware 2007
CA Anti-Spyware 8.x
CA Anti-Virus 2007 (8.x)
CA Anti-Virus for the Enterprise 8.x
CA Anti-Virus Gateway 7.x
CA Anti-Virus SDK
CA Common Services (CCS) 11.x
CA Internet Security Suite 2007
CA Protection Suites 2.x
CA Protection Suites 3.x
CA Threat Manager 8.x
CA Unicenter Network and Systems Management (NSM) 11.x
CA Unicenter Network and Systems Management (NSM) 3.x
eTrust Antivirus 6.x
eTrust Antivirus 7.x
eTrust EZ Armor 1.x
eTrust EZ Armor 2.x
eTrust EZ Armor 3.x
eTrust Internet Security Suite 1.x
eTrust Internet Security Suite 2.x
eTrust Intrusion Detection 2.x
eTrust Intrusion Detection 3.x
eTrust Secure Content Manager (SCM)

Secunia CVSS-2 Score:

Available in Secunia business solutions

Subscribe:

Instant alerts on relevant vulnerabilities

Advisory Content (Page 1 of 3)

[ 1 ] [ 2 ] [ 3 ]

Secunia is hiring, read about the open positions here!

Description:
Two vulnerabilities have been reported in various CA products, which can be exploited by malicious people to cause a DoS (Denial of Service).

1) An input validation error when processing CHM files can be exploited to cause an infinite loop via a specially crafted CHM file with an invalid 'previous listing chunk number' field.

2) An unspecified error when processing RAR archives can be exploited to cause the application to hang when e.g. scanning a specially crafted RAR archive.

The vulnerabilities affect the following products:
* CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.0, 7.1, r8, r8.1
* CA Anti-Virus 2007 (v8)
* eTrust EZ Antivirus r7, r6.1
* CA Internet Security Suite 2007 (v3)
* eTrust Internet Security Suite r1, r2
* eTrust EZ Armor r1, r2, r3.x
* CA Threat Manager for the Enterprise (formerly eTrust Integrated Threat Management) r8
* CA Anti-Virus Gateway (formerly eTrust Antivirus eTrust Antivirus Gateway) 7.1
* CA Protection Suites r2, r3
* CA Secure Content Manager (formerly eTrust Secure Content Manager) 1.1, 8.0
* CA Anti-Spyware for the Enterprise (Formerly eTrust PestPatrol) r8, 8.1
* CA Anti-Spyware 2007
* Unicenter Network and Systems Management (NSM) r3.0
* Unicenter Network and Systems Management (NSM) r3.1
* Unicenter Network and Systems Management (NSM) r11
* Unicenter Network and Systems Management (NSM) r11.1
* BrightStor ARCserve Backup r11.5
* BrightStor ARCserve Backup r11.1
* BrightStor ARCserve Backup r11 for Windows
* BrightStor Enterprise Backup r10.5
* BrightStor ARCserve Backup v9.01
* BrightStor ARCserve Client agent for Windows
* eTrust Intrusion Detection 2.0 SP1, 3.0, 3.0 SP1
* CA Common Services (CCS) r11
* CA Common Services (CCS) r11.1
* CA Anti-Virus SDK (formerly eTrust Anti-Virus SDK)

Change Page:
[ 1 ] [ 2 ] [ 3 ]

Track this Secunia Advisory

Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.

Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.

About this Secunia Advisory

Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.

Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.

Latest Advisories

9th Jul, 2009

New advisories:	18
New vulnerabilities:	21
Updated advisories:	25

Less // 98 views

OCS Inventory Unified Agent Insecure Module Search Path

Moderately // 88 views

Debian update for ocsinventory-agent

Less // 181 views

IBM AIX "syscall" Buffer Overflow Vulnerability

Less // 90 views

Drupal Nodequeue Module Information Disclosure

Less // 211 views

MySQL "dispatch_command()" Denial of Service Vulnerability

Highly // 171 views

eBay Enhanced Picture Services ActiveX Control Vulnerability

Moderately // 114 views

Alibaba Clone "SellerID" and "IndustryID" SQL Injection Vulnerabilities

Highly // 137 views

Joomla Acajoom GPL Component Backdoor Security Issue

Highly // 149 views

Winds3D Viewer "GetURL()" Command Execution Vulnerability

Less // 120 views

Rentventory "username" Cross-Site Scripting Vulnerability

Solutions | More...

Send Feedback to Secunia
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com. Ideas, suggestions, and other feedback are most welcome.