Computer Associates reveals antivirus software flaw
- 24 May, 2005 15:08
Computer Associates (CA) has disclosed a serious security flaw in its antivirus products, the latest is a series of security software to be hit by such a vulnerability.
The bug affects the Vet antivirus engine underlying CA's enterprise and consumer security software, and could be exploited by a remote attacker via a specially crafted Microsoft Word document to cause a heap overflow and execute malicious code, according to CA's advisory.
The platforms affected include Windows, Linux and Solaris, with affected products including BrightStor ARCserve Backup, eTrust Antivirus, eTrust EZ Antivirus, eTrust Intrusion Detection, eTrust Secure Content Manager and InoculateIT.
CA said it wasn't aware of any attacks so far, but that the bug did not require user interaction to exploit. Attackers could exploit the bug via remote protocols such as SMTP, FTP and SMB, according to an advisory from Alex Wheeler of rem0te.com, who discovered the flaw. "It can be triggered without authentication or user interaction and allows multiple exploitation attempts. Vet implementations are likely vulnerable in their default configuration," Wheeler said in the advisory.
Enterprise users got a patch at the beginning of this month, while consumers began receiving updates to Vet engine version 11.9.1 on Monday, via the software's built-in updating system, CA said.
Several major antivirus companies have had to patch serious security flaws in their core products in recent weeks, including Symantec, McAfee, Trend Micro and F-Secure.