CA Patches Flaws in AV Engine
CA has patched two flaws in its anti-virus engine that would have allowed hackers to remotely compromise a vulnerable system.
The first flaw centers on a boundary error in vete.dll files that occurs when processing CAB archives. A specially-crafted CAB archive with overly long file names can trigger a stack-based buffer overflow. In addition, an input validation error when processing the "coffFiles" field in CAB archives can also be exploited to cause a stack-based buffer overflow.
In both cases, a successful exploitation of the vulnerabilities means a hacker could execute arbitrary code on the compromised machine. The bugs affect more than a dozen different CA products, all of which utilize the anti-virus engine. To determine if a product is affected, users can check the GUI of the product, CA officials said in an advisory.
CA has issued content update 30.6 to address the vulnerabilities and urges users to install the latest content update if the signature version is less than version 30.6.
The flaws were uncovered by researchers at TippingPoint as part of its Zero Day Initiative, and were first uncovered in February.