CA Patches Flaws in AV Engine
The security software vendor addresses two bugs that could lead to remote code execution by hackers.CA has patched two flaws in its anti-virus engine that would have allowed hackers to remotely compromise a vulnerable system. The first flaw centers on a boundary error in vete.dll files that occurs when processing CAB archives. A specially-crafted CAB archive with overly long file names can trigger a stack-based buffer overflow. In addition, an input validation error when processing the "coffFiles" field in CAB archives can also be exploited to cause a stack-based buffer overflow.
Click here to read more about CAs host intrusion protection system, which combines firewall technology with network break-in detection and prevention applications to help fight zero-day threats.