CVSS: 10.0EPSS: 2%CPEs: 39EXPL: 0CVE-2009-0042
https://notcve.org/view.php?id=CVE-2009-0042
Multiple unspecified vulnerabilities in the Arclib library (arclib.dll) before 7.3.0.15 in the CA Anti-Virus engine for CA Anti-Virus for the Enterprise 7.1, r8, and r8.1; Anti-Virus 2007 v8 and 2008; Internet Security Suite 2007 v3 and 2008; and other CA products allow remote attackers to bypass virus detection via a malformed archive file. Múltiples vulnerabilidades sin especificar en la bilioteca Arclib (arclib.dll) anterior a v 7.3.0.15 en el motor de CA Anti-Virus para CA Anti-Virus Enterprise v7.1, r8, y r8.1; Anti-Virus 2007 v8 y 2008; Internet Security Suite 2007 v3 y 2008; y otros productos CA, permite a atacantes remotos evitar la detección de virus a través de un fichero mal formado. • http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/26/ca20090126-01-ca-anti-virus-engine-detection-evasion-multiple-vulnerabilities.aspx http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197601 http://www.securityfocus.com/archive/1/500417/100/0/threaded http://www.securityfocus.com/bid/33464 http://www.securitytracker.com/id?1021639 http://www.vupen.com/english/advisories/2009/0270 https://exchange.xforce.ibmcloud.com/vulnerabilities/48261 •
CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 0CVE-2008-2926
https://notcve.org/view.php?id=CVE-2008-2926
The kmxfw.sys driver in CA Host-Based Intrusion Prevention System (HIPS) r8, as used in CA Internet Security Suite and Personal Firewall, does not properly verify IOCTL requests, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted request. El Controlador kmxfw.sys en el Sistema de prevención de intrusiones basado en Host (Host-Based Intrusion Prevention System) r8 (HIPS-r8), como el utilizado en CA Internet Security Suite and Personal Firewall, no verifica de forma adecuada las peticiones IOCTL, lo que permite a usuarios locales provocar una denegación de servicio (caída del sistema) o posiblemente, obtengan privilegios a través de peticiones manipuladas. • http://secunia.com/advisories/31434 http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=36559 http://www.securityfocus.com/archive/1/495397/100/0/threaded http://www.securityfocus.com/bid/30651 http://www.securitytracker.com/id?1020658 http://www.securitytracker.com/id?1020659 http://www.securitytracker.com/id?1020660 http://www.vupen.com/english/advisories/2008/2339 https://exchange.xforce.ibmcloud.com/vulnerabilities/44392 • CWE-20: Improper Input Validation •