漏洞信息详情

CA eTrust多个产品Arclib.DLL畸形CHM文件处理拒绝服务漏洞

漏洞简介

eTrust是CA推出的系列杀毒产品,现在更名为Anti-Virus for the Enterprise、Threat Manager、Anti-Spyware for the Enterprise等产品。 eTrust产品中的Arclib.DLL库存在安全漏洞,如果杀毒引擎扫描到了设置有无效previous listing chunk number字段的畸形CHM文件,扫描程序就会陷入死循环,无法再处理其他文件。

漏洞公告

目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接: http://supportconnectw.ca.com/public/antivirus/infodocs/caprodarclib-secnot.asp

参考网址

来源: BID 名称: 25049 链接:http://www.securityfocus.com/bid/25049 来源: VUPEN 名称: ADV-2007-2639 链接:http://www.frsirt.com/english/advisories/2007/2639 来源: supportconnectw.ca.com 链接:http://supportconnectw.ca.com/public/antivirus/infodocs/caprodarclib-secnot.asp 来源: SECUNIA 名称: 26155 链接:http://secunia.com/advisories/26155 来源: IDEFENSE 名称: 20070724 Computer Associates AntiVirus CHM File Handling DoS Vulnerability 链接:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=567 来源: XF 名称: ca-arclib-chm-dos(35573) 链接:http://xforce.iss.net/xforce/xfdb/35573 来源: SECTRACK 名称: 1018450 链接:http://www.securitytracker.com/id?1018450 来源: BUGTRAQ 名称: 20070726 RE: [CAID 35525, 35526]: CA Products Arclib Library Denial of Service Vulnerabilities 链接:http://www.securityfocus.com/archive/1/archive/1/474683/100/0/threaded 来源: BUGTRAQ 名称: 20070725 n.runs-SA-2007.024 - CA eTrust Antivirus Infinite Loop DoS (remote) Advisory 链接:http://www.securityfocus.com/archive/1/archive/1/474605/100/100/threaded 来源: BUGTRAQ 名称: 20070725 [CAID 35525, 35526]: CA Products Arclib Library Denial of Service Vulnerabilities 链接:http://www.securityfocus.com/archive/1/archive/1/474601/100/0/threaded 来源: www.ca.com 链接:http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=149847

补丁

    暂无

漏洞信息快速查询

相关漏洞

更多