CVE-2009-3587

2009-10-1310:30:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

vulnerability

arclib

ca anti-virus

denial of service

arbitrary code

rar archive

nvd

7.6 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.344 Low

EPSS

Percentile

97.1%

JSON

Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) through Plus 2009; and other CA products allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted RAR archive file that triggers heap corruption, a different vulnerability than CVE-2009-3588.

CPENameOperatorVersion
ca:internet_security_suite_plus_2009ca internet security suite plus 2009eq*
ca:gateway_securityca gateway securityeqr8.1
ca:common_servicesca common serviceseq3.1
ca:etrust_secure_content_managerca etrust secure content managereq8.0
ca:etrust_anti-virus_sdkca etrust anti-virus sdkeq*
ca:anti-virus_for_the_enterpriseca anti-virus for the enterpriseeqr8.1
ca:arcserve_for_windows_server_componentca arcserve for windows server componenteq*
ca:etrust_intrusion_detectionca etrust intrusion detectioneq2.0
ca:threat_managerca threat managereq8.1
ca:protection_suitesca protection suiteseqr3

CPE	Name	Operator	Version
ca:internet_security_suite_plus_2009	ca internet security suite plus 2009	eq	*
ca:gateway_security	ca gateway security	eq	r8.1
ca:common_services	ca common services	eq	3.1
ca:etrust_secure_content_manager	ca etrust secure content manager	eq	8.0
ca:etrust_anti-virus_sdk	ca etrust anti-virus sdk	eq	*
ca:anti-virus_for_the_enterprise	ca anti-virus for the enterprise	eq	r8.1
ca:arcserve_for_windows_server_component	ca arcserve for windows server component	eq	*
ca:etrust_intrusion_detection	ca etrust intrusion detection	eq	2.0
ca:threat_manager	ca threat manager	eq	8.1
ca:protection_suites	ca protection suites	eq	r3