Check Point Advisories

CA Products AV Engine CHM File Handling Denial of Service (CVE-2007-3875)

Vulnerability
Protection

Check Point Reference:	CPAI-2007-303
Date Published:	25 Feb 2010
Severity:	Medium
Last Updated:	Tuesday 27 December, 2011
Source:
Industry Reference:	CVE-2007-3875
Protection Provided by:	Security Gateway R81, R80, R77, R75
Who is Vulnerable?
Vulnerability Description	CA provides an anti-virus engine that is shared among multiple applications and products. The anti-virus engine is capable of scanning files stored in numerous archive format. One of these archive formats is the Microsoft compiled help files, as known as CHM. There exists a denial of service vulnerability in multiple CA products AV Engine. The vulnerability exists in the component that processes CHM files. A remote unauthenticated attacker can exploit the vulnerability to cause a denial of service condition on the target system through delivering a specially crafted CHM file to the target. Upon a successful attack, the vulnerable CA AV Engine will enter an infinite loop to create a DoS condition. The target host needs to be reboot manually to restore to the normal operation status.

Protection Overview

This protection will detect and block attempts to exploit this vulnerability.

In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.

Security Gateway R80 / R77 / R75

In the IPS tab, click Protections and find the CA Products AV Engine CHM File Handling Denial of Service protection using the Search tool and Edit the protection's settings.
Install policy on all Security Gateways.

This protection's log will contain the following information:

Attack Name: CA Products Enforcement Violation.
Attack Information: CA Products AV Engine CHM File handling denial of service