CVE-2009-0042
CA Anti-Virus Engine Detection Evasion
Severity Score
9.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Multiple unspecified vulnerabilities in the Arclib library (arclib.dll) before 7.3.0.15 in the CA Anti-Virus engine for CA Anti-Virus for the Enterprise 7.1, r8, and r8.1; Anti-Virus 2007 v8 and 2008; Internet Security Suite 2007 v3 and 2008; and other CA products allow remote attackers to bypass virus detection via a malformed archive file.
Múltiples vulnerabilidades sin especificar en la bilioteca Arclib (arclib.dll) anterior a v 7.3.0.15 en el motor de CA Anti-Virus para CA Anti-Virus Enterprise v7.1, r8, y r8.1; Anti-Virus 2007 v8 y 2008; Internet Security Suite 2007 v3 y 2008; y otros productos CA, permite a atacantes remotos evitar la detección de virus a través de un fichero mal formado.
The CA Anti-Virus engine contains multiple vulnerabilities that can allow a remote attacker to evade detection by the Anti-Virus engine by creating a malformed archive file in one of several common file archive formats.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2009-01-07 CVE Reserved
- 2009-01-28 CVE Published
- 2024-08-07 CVE Updated
- 2025-06-19 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197601 | X_refsource_confirm | |
| http://www.securityfocus.com/archive/1/500417/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/33464 | Vdb Entry | |
| http://www.securitytracker.com/id?1021639 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2009/0270 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/48261 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Broadcom Search vendor "Broadcom" | Anti-spyware Search vendor "Broadcom" for product "Anti-spyware" | 2007 Search vendor "Broadcom" for product "Anti-spyware" and version "2007" | - |
Affected
| ||||||
| Broadcom Search vendor "Broadcom" | Anti-spyware Search vendor "Broadcom" for product "Anti-spyware" | 2008 Search vendor "Broadcom" for product "Anti-spyware" and version "2008" | - |
Affected
| ||||||
| Broadcom Search vendor "Broadcom" | Anti-spyware For The Enterprise Search vendor "Broadcom" for product "Anti-spyware For The Enterprise" | 8.1 Search vendor "Broadcom" for product "Anti-spyware For The Enterprise" and version "8.1" | - |
Affected
| ||||||
| Broadcom Search vendor "Broadcom" | Anti-spyware For The Enterprise Search vendor "Broadcom" for product "Anti-spyware For The Enterprise" | r8 Search vendor "Broadcom" for product "Anti-spyware For The Enterprise" and version "r8" | - |
Affected
| ||||||
| Broadcom Search vendor "Broadcom" | Anti-virus Search vendor "Broadcom" for product "Anti-virus" | 2007 Search vendor "Broadcom" for product "Anti-virus" and version "2007" | 8 |
Affected
| ||||||
| Broadcom Search vendor "Broadcom" | Anti-virus Search vendor "Broadcom" for product "Anti-virus" | 2008 Search vendor "Broadcom" for product "Anti-virus" and version "2008" | - |
Affected
| ||||||
| Broadcom Search vendor "Broadcom" | Anti-virus For The Enterprise Search vendor "Broadcom" for product "Anti-virus For The Enterprise" | 7.1 Search vendor "Broadcom" for product "Anti-virus For The Enterprise" and version "7.1" | - |
Affected
| ||||||
| Broadcom Search vendor "Broadcom" | Anti-virus For The Enterprise Search vendor "Broadcom" for product "Anti-virus For The Enterprise" | 8.1 Search vendor "Broadcom" for product "Anti-virus For The Enterprise" and version "8.1" | - |
Affected
| ||||||
| Broadcom Search vendor "Broadcom" | Anti-virus For The Enterprise Search vendor "Broadcom" for product "Anti-virus For The Enterprise" | r8 Search vendor "Broadcom" for product "Anti-virus For The Enterprise" and version "r8" | - |
Affected
| ||||||
| Broadcom Search vendor "Broadcom" | Anti-virus Sdk Search vendor "Broadcom" for product "Anti-virus Sdk" | * | - |
Affected
| ||||||
| Broadcom Search vendor "Broadcom" | Antivirus Gateway Search vendor "Broadcom" for product "Antivirus Gateway" | 7.1 Search vendor "Broadcom" for product "Antivirus Gateway" and version "7.1" | - |
Affected
| ||||||
| Broadcom Search vendor "Broadcom" | Arcserve Client Agent Search vendor "Broadcom" for product "Arcserve Client Agent" | - | windows |
Affected
| ||||||
| Broadcom Search vendor "Broadcom" | Common Services Search vendor "Broadcom" for product "Common Services" | 11 Search vendor "Broadcom" for product "Common Services" and version "11" | - |
Affected
| ||||||
| Broadcom Search vendor "Broadcom" | Common Services Search vendor "Broadcom" for product "Common Services" | 11.1 Search vendor "Broadcom" for product "Common Services" and version "11.1" | - |
Affected
| ||||||
| Broadcom Search vendor "Broadcom" | Etrust Ez Antivirus Search vendor "Broadcom" for product "Etrust Ez Antivirus" | r6.1 Search vendor "Broadcom" for product "Etrust Ez Antivirus" and version "r6.1" | - |
Affected
| ||||||
| Broadcom Search vendor "Broadcom" | Etrust Ez Antivirus Search vendor "Broadcom" for product "Etrust Ez Antivirus" | r7 Search vendor "Broadcom" for product "Etrust Ez Antivirus" and version "r7" | - |
Affected
| ||||||
| Broadcom Search vendor "Broadcom" | Etrust Intrusion Detection Search vendor "Broadcom" for product "Etrust Intrusion Detection" | 3.0 Search vendor "Broadcom" for product "Etrust Intrusion Detection" and version "3.0" | - |
Affected
| ||||||
| Broadcom Search vendor "Broadcom" | Etrust Intrusion Detection Search vendor "Broadcom" for product "Etrust Intrusion Detection" | 4.0 Search vendor "Broadcom" for product "Etrust Intrusion Detection" and version "4.0" | - |
Affected
| ||||||
| Broadcom Search vendor "Broadcom" | Network And Systems Management Search vendor "Broadcom" for product "Network And Systems Management" | r3.0 Search vendor "Broadcom" for product "Network And Systems Management" and version "r3.0" | - |
Affected
| ||||||
| Broadcom Search vendor "Broadcom" | Network And Systems Management Search vendor "Broadcom" for product "Network And Systems Management" | r3.1 Search vendor "Broadcom" for product "Network And Systems Management" and version "r3.1" | - |
Affected
| ||||||
| Broadcom Search vendor "Broadcom" | Network And Systems Management Search vendor "Broadcom" for product "Network And Systems Management" | r11 Search vendor "Broadcom" for product "Network And Systems Management" and version "r11" | - |
Affected
| ||||||
| Broadcom Search vendor "Broadcom" | Network And Systems Management Search vendor "Broadcom" for product "Network And Systems Management" | r11.1 Search vendor "Broadcom" for product "Network And Systems Management" and version "r11.1" | - |
Affected
| ||||||
| Broadcom Search vendor "Broadcom" | Secure Content Manager Search vendor "Broadcom" for product "Secure Content Manager" | 8.0 Search vendor "Broadcom" for product "Secure Content Manager" and version "8.0" | - |
Affected
| ||||||
| Broadcom Search vendor "Broadcom" | Secure Content Manager Search vendor "Broadcom" for product "Secure Content Manager" | 8.1 Search vendor "Broadcom" for product "Secure Content Manager" and version "8.1" | - |
Affected
| ||||||
| Ca Search vendor "Ca" | Arcserve Backup Search vendor "Ca" for product "Arcserve Backup" | r11.1 Search vendor "Ca" for product "Arcserve Backup" and version "r11.1" | _nil_, linux |
Affected
| ||||||
| Ca Search vendor "Ca" | Arcserve Backup Search vendor "Ca" for product "Arcserve Backup" | r11.1 Search vendor "Ca" for product "Arcserve Backup" and version "r11.1" | _nil_, windows |
Affected
| ||||||
| Ca Search vendor "Ca" | Arcserve Backup Search vendor "Ca" for product "Arcserve Backup" | r11.5_nil_ Search vendor "Ca" for product "Arcserve Backup" and version "r11.5_nil_" | linux |
Affected
| ||||||
| Ca Search vendor "Ca" | Arcserve Backup Search vendor "Ca" for product "Arcserve Backup" | r11.5_nil_ Search vendor "Ca" for product "Arcserve Backup" and version "r11.5_nil_" | windows |
Affected
| ||||||
| Ca Search vendor "Ca" | Arcserve Backup Search vendor "Ca" for product "Arcserve Backup" | r12.0_nil_ Search vendor "Ca" for product "Arcserve Backup" and version "r12.0_nil_" | windows |
Affected
| ||||||
| Ca Search vendor "Ca" | Etrust Intrusion Detection Search vendor "Ca" for product "Etrust Intrusion Detection" | 2.0 Search vendor "Ca" for product "Etrust Intrusion Detection" and version "2.0" | sp1 |
Affected
| ||||||
| Ca Search vendor "Ca" | Etrust Intrusion Detection Search vendor "Ca" for product "Etrust Intrusion Detection" | 3.0 Search vendor "Ca" for product "Etrust Intrusion Detection" and version "3.0" | sp1 |
Affected
| ||||||
| Ca Search vendor "Ca" | Internet Security Suite 2007 Search vendor "Ca" for product "Internet Security Suite 2007" | 3 Search vendor "Ca" for product "Internet Security Suite 2007" and version "3" | - |
Affected
| ||||||
| Ca Search vendor "Ca" | Internet Security Suite 2008 Search vendor "Ca" for product "Internet Security Suite 2008" | * | - |
Affected
| ||||||
| Ca Search vendor "Ca" | Internet Security Suite Plus 2008 Search vendor "Ca" for product "Internet Security Suite Plus 2008" | * | - |
Affected
| ||||||
| Ca Search vendor "Ca" | Protection Suites Search vendor "Ca" for product "Protection Suites" | r2 Search vendor "Ca" for product "Protection Suites" and version "r2" | - |
Affected
| ||||||
| Ca Search vendor "Ca" | Protection Suites Search vendor "Ca" for product "Protection Suites" | r3 Search vendor "Ca" for product "Protection Suites" and version "r3" | - |
Affected
| ||||||
| Ca Search vendor "Ca" | Protection Suites Search vendor "Ca" for product "Protection Suites" | r3.1 Search vendor "Ca" for product "Protection Suites" and version "r3.1" | - |
Affected
| ||||||
| Ca Search vendor "Ca" | Threat Manager For The Enterprise Search vendor "Ca" for product "Threat Manager For The Enterprise" | 8.1 Search vendor "Ca" for product "Threat Manager For The Enterprise" and version "8.1" | - |
Affected
| ||||||
| Ca Search vendor "Ca" | Threat Manager For The Enterprise Search vendor "Ca" for product "Threat Manager For The Enterprise" | r8 Search vendor "Ca" for product "Threat Manager For The Enterprise" and version "r8" | - |
Affected
| ||||||