CA Patches Flaws in AV Engine

 
 
By Brian Prince  |  Posted 2007-06-08 Email Print this article Print
 
 
 
 
 
 
 

The security software vendor addresses two bugs that could lead to remote code execution by hackers.

CA has patched two flaws in its anti-virus engine that would have allowed hackers to remotely compromise a vulnerable system. The first flaw centers on a boundary error in vete.dll files that occurs when processing CAB archives. A specially-crafted CAB archive with overly long file names can trigger a stack-based buffer overflow. In addition, an input validation error when processing the "coffFiles" field in CAB archives can also be exploited to cause a stack-based buffer overflow.
Click here to read more about CAs host intrusion protection system, which combines firewall technology with network break-in detection and prevention applications to help fight zero-day threats.
In both cases, a successful exploitation of the vulnerabilities means a hacker could execute arbitrary code on the compromised machine. The bugs affect more than a dozen different CA products, all of which utilize the anti-virus engine. To determine if a product is affected, users can check the GUI of the product, CA officials said in an advisory. CA has issued content update 30.6 to address the vulnerabilities and urges users to install the latest content update if the signature version is less than version 30.6.
The flaws were uncovered by researchers at TippingPoint as part of its Zero Day Initiative, and were first uncovered in February. Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.
 
 
 
 
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Rocket Fuel