CVE-2009-3588

Name: CVE-2009-3588
Creator: NVD / NIST
Published: 2009-10-13T10:30:00.627+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 2.39%

Last modified Jun 16, 2026

CVE-2009-3588 is a vulnerability of currently unknown severity. Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) through Plus 2009; and other CA products allows remote attackers to cause a denial of service via a crafted RAR archive file that triggers stack corruption, a different vulnerability than CVE-2009-3587.. EPSS estimates a 2.39% chance of exploitation in the next 30 days.

Description

Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) through Plus 2009; and other CA products allows remote attackers to cause a denial of service via a crafted RAR archive file that triggers stack corruption, a different vulnerability than CVE-2009-3587.

Metrics

EPSS Probability

2.39%

81.9th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions	Update
Broadcom	Anti-Virus	2007	8
Broadcom	Anti-Virus	2008	—
Broadcom	Anti-Virus For The Enterprise	7.1	—
Broadcom	Anti-Virus For The Enterprise	r8	—
Broadcom	Anti-Virus Sdk	All versions	—
Broadcom	Common Services	11	—
Broadcom	Common Services	11.1	—
Broadcom	Etrust Antivirus	7.1	—
Broadcom	Etrust Antivirus	8	—
Broadcom	Etrust Antivirus	8.1	—
Broadcom	Etrust Integrated Threat Management	8.1	—
Broadcom	Etrust Intrusion Detection	3.0	—
Broadcom	Etrust Secure Content Manager	1.1	—
Broadcom	Internet Security Suite	All versions	—
Broadcom	Internet Security Suite	3.0	—
Broadcom	Network And Systems Management	r3.0	—
Broadcom	Network And Systems Management	r3.1	—
Broadcom	Network And Systems Management	r11	—
Broadcom	Network And Systems Management	r11.1	—
Broadcom	Secure Content Manager	1.1	—
Broadcom	Secure Content Manager	8.0	—
Broadcom	Unicenter Network And Systems Management	3.0	—
Broadcom	Unicenter Network And Systems Management	3.1	—
Broadcom	Unicenter Network And Systems Management	11	—
Broadcom	Unicenter Network And Systems Management	11.1	—
Ca	Anti-Virus	2009	—
Ca	Anti-Virus For The Enterprise	r8.1	—
Ca	Anti-Virus Gateway	7.1	—
Ca	Anti-Virus Plus	2009	—
Ca	Arcserve For Windows Client Agent	All versions	—
Ca	Arcserve For Windows Server Component	All versions	—
Ca	Common Services	3.1	—
Ca	Etrust Anti-Virus Gateway	7.1	—
Ca	Etrust Anti-Virus Sdk	All versions	—
Ca	Etrust Ez Antivirus	r7.1	—
Ca	Etrust Intrusion Detection	2.0	Sp1
Ca	Etrust Intrusion Detection	3.0	Sp1
Ca	Etrust Secure Content Manager	8.0	—
Ca	Gateway Security	r8.1	—
Ca	Internet Security Suite 2008	All versions	—
Ca	Internet Security Suite Plus 2008	All versions	—
Ca	Internet Security Suite Plus 2009	All versions	—
Ca	Protection Suites	r2	—
Ca	Protection Suites	r3	—
Ca	Protection Suites	r3.1	—
Ca	Threat Manager	8.1	—
Ca	Threat Manager	r8	—
Ca	Threat Manager Total Defense	All versions	—
Broadcom	Arcserve Backup	r12.0	Sp1
Ca	Arcserve Backup	r11.5	—

Showing 50 of 51 affected configurations. See NVD for the full list.

References

http://secunia.com/advisories/36976Vendor Advisory
http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=218878Patch, Vendor Advisory
http://www.securityfocus.com/archive/1/507068/100/0/threadedThird Party Advisory, VDB Entry
http://www.securityfocus.com/bid/36653Third Party Advisory, VDB Entry
http://www.securitytracker.com/id?1022999Third Party Advisory, VDB Entry
http://www.vupen.com/english/advisories/2009/2852Patch, Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/53698VDB Entry
http://secunia.com/advisories/36976Vendor Advisory
http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=218878Patch, Vendor Advisory
http://www.securityfocus.com/archive/1/507068/100/0/threadedThird Party Advisory, VDB Entry
http://www.securityfocus.com/bid/36653Third Party Advisory, VDB Entry
http://www.securitytracker.com/id?1022999Third Party Advisory, VDB Entry
http://www.vupen.com/english/advisories/2009/2852Patch, Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/53698VDB Entry

Timeline

Published: Oct 13, 2009
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2009-3588?

How severe is CVE-2009-3588?

Severity scoring for CVE-2009-3588 is pending analysis. The EPSS model estimates a 2.39% probability of exploitation in the next 30 days.

How do I fix CVE-2009-3588?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2009-3588?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST