CAID 32896 - Computer Associates Vet Antivirus engine heap overflow vulnerability

CA Vulnerability ID: 32896

Discovery Date: 2005/04/26

Discovered By: Alex Wheeler

Title: Computer Associates Vet Antivirus engine heap overflow vulnerability

Impact: Remote attackers can gain privileged access.

Summary: Computer Associates has patched a high risk vulnerability that was identified by Alex Wheeler. The vulnerability affects computers leveraging our eTrust(TM) Vet Antivirus engine, and can allow an attacker to gain control of a computer through a specially crafted Microsoft Office document.

Severity: Computer Associates has given this vulnerability a High risk rating. The Vet Antivirus Engine is included in drivers and system services that automatically scan any files that the computer may access. These software components have privileged access to the local computer and are started by default by our Antivirus software installation. In the worst case scenario, a remote attacker may present a specially crafted Microsoft Office document to a vulnerable computer for virus scanning and gain control of the computer without any user interaction.

Affected corporate products:
  CA InoculateIT 6.0 (all platforms, including Notes/Exchange)
  eTrust Antivirus r6.0 (all platforms, including Notes/Exchange)
  eTrust Antivirus r7.0 (all platforms, including Notes/Exchange)
  eTrust Antivirus r7.1 (all platforms, including Notes/Exchange)
  eTrust Antivirus for the Gateway r7.0 (all modules and platforms)
  eTrust Antivirus for the Gateway r7.1 (all modules and platforms)
  eTrust Secure Content Manager (all releases)
  eTrust Intrusion Detection (all releases)
  BrightStor ARCserve Backup (BAB) r11.1 Windows

Affected retail products:
  eTrust EZ Antivirus r6.2 - r7.0.5
  eTrust EZ Armor r1.0 - r2.4.4
  eTrust EZ Armor LE r2.0 - r3.0.0.14
  Vet Antivirus r10.66 and below

Status: All Computer Associates corporate products and some of our retail products that utilize the Vet Antivirus Engine have the ability to patch this vulnerability automatically. For these products, the patch for this vulnerability was already rolled out as part of the daily Vet Signature updates on May 3, 2005, and no further action is required.

Recommendation: To make sure your system is protected, please review the solutions below for your specific product version.

* All corporate products - You are protected if you are running Vet engine 11.9.1 or later. If running an earlier version, perform a virus signature file update as soon as possible to receive the patch.

* eTrust EZ Antivirus r7/eTrust EZ Armor r3.1 Users - You may already be up-to-date. A new Vet engine was made available on Tuesday, May 3rd. Automatic signature file updates should have downloaded this update to your system. To verify the update, please follow the instructions below:

  Open eTrust EZ Antivirus (double-click on the "AV" icon in your system tray), then select the "Help" tab on the top-right of the screen. The engine version should be listed as 11.9.1 or later. If it is a lower number, perform a virus signature file update [1] immediately to receive the patch.

* eTrust EZ Antivirus r6.x Users - Upgrade to eTrust EZ Antivirus r7 as soon as possible. It takes approximately 10 minutes to complete this process on a high-speed connection, and all users with an active license are entitled to this upgrade for free. Follow the link below to upgrade now.

  http://consumerdownloads.ca.com/myeTrust/apps/EZAntivirus.exe

  - For additional upgrade instructions, click on the appropriate link below:
    - Upgrading from r6.1 and above [2]
    - Upgrading from r6.0 and earlier [3]

  Unsure of your product version? Follow the link in footnote [4].

* eTrust EZ Armor r3 Users - An update will be pushed down to your computer. During a virus signature file update, a patch will be downloaded to your computer. The patch will require that you reboot your computer for it to take effect. We recommend that you reboot right away.

* eTrust EZ Armor r2.4.4 and below Users - Upgrade to eTrust EZ Armor r3.1 as soon as possible. It takes approximately 10 minutes to complete this process on a high-speed connection and all users with an active license are entitled to this upgrade for free. Follow the link below to upgrade now.

  http://consumerdownloads.ca.com/myeTrust/apps/EZArmor.exe

  Unsure of your product version? Follow the link in footnote [4].

CVE Reference: Pending

OSVDB Reference: Pending

Advisory URLs (note that URLs below may wrap):

General:
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=32896

Consumer:
http://crm.my-etrust.com/login.asp?username=guest&target=DOCUMENT&openparameter=1588

[1] http://crm.my-etrust.com/login.asp?username=guest&target=DOCUMENT&openparameter=61
[2] http://crm.my-etrust.com/login.asp?username=guest&target=DOCUMENT&openparameter=1907
[3] http://crm.my-etrust.com/login.asp?username=guest&target=DOCUMENT&openparameter=1911
[4] http://crm.my-etrust.com/login.asp?username=guest&target=DOCUMENT&openparameter=89

Should you require additional information, please contact CA Technical Support at http://supportconnect.ca.com.

Respectfully,
Ken Williams ; Vulnerability Research
A9F9 44A6 B421 FF7D 4000 E6A9 7925 91DF E294 1985

Computer Associates International, Inc. (CA).
One Computer Associates Plaza. Islandia, NY 11749

Contact Us http://ca.com/catalk.htm
Legal Notice http://ca.com/calegal.htm
Privacy Policy http://ca.com
Copyright 2005 Computer Associates International, Inc. All rights reserved