CA Patches High Risk Anti-Virus Flaw

Using a specially crafted Microsoft Office document, a malicious hacker could gain full access to a vulnerable system without any user interaction.

A high-risk buffer overflow vulnerability in Computer Associates International Inc.'s eTrust Vet anti-virus engine could put users at risk of PC takeover attacks, the company warned in an advisory.

The Islandia, N.Y., software giant issued an alert for the flaw late Monday with a chilling warning that a successful attacker using a specially crafted Microsoft Office document could "gain full access to the computer without any user interaction."

The issue affects several enterprise products that rely on the Vet anti-virus engine, including CA InoculateIT 6.0, eTrust Antivirus 6.0 through 7.1, eTrust Antivirus for the Gateway 7.0 and 7.1, eTrust Secure Content Manager, eTrust Intrusion Detection, and BrightStor ARCserve Backup.

Users of the consumer-facing eTrust EZ Antivirus and eTrust EZ Armor suites are also at risk.

"All Computer Associates corporate products and some of our retail products that utilize the Vet Antivirus Engine have the ability to patch this vulnerability automatically. For these products, the patch for this vulnerability was already rolled out as part of the daily Vet Signature updates and no further action is required," CA explained in an advisory.

The company said the Vet Antivirus Engine is included in drivers and system services that automatically scan any files that the computer may access. "In the worst scenario, an external attacker may present a carefully crafted Microsoft Office document to a vulnerable computer for virus scanning and gain control of the computer without any user interaction," the alert read.

A knowledge document was also issued with detailed instructions on how to apply the required updates.

