Security Bytes

Jun 8 2007   6:07AM GMT

CA warns of serious antivirus engine flaws

Leigha Leigha Cardwell Profile: Leigha

CA has released an advisory on some serious security flaws in products that implement the Antivirus engine.

“Two vulnerabilities exist that can allow a remote attacker to cause a denial of service or possibly execute arbitrary code,” the advisory says. “CA has issued updates to address the vulnerabilities.”

The first problem is a stack-based buffer overflow occurring when the engine processes an excessively long file name contained in a .cab file.

The second problem a stack-based buffer overflow occurring when the “coffFiles” field is processed in a .cab file.

“In both instances, an attacker can cause a crash or possibly execute arbitrary code,” CA says. “CA has issued content update 30.6 to address the vulnerabilities. The updated engine is provided with content updates.”

Technorati Tags: ,

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: