
Critical CA Antivirus Flaws Affect Multiple Products

By Kevin McLaughlin, CRN
June 05, 2007    8:04 PM ET

CA, the vendor previously known as Computer Associates, on Tuesday issued an update for a pair of stack-based buffer overflow vulnerabilities in the antivirus engine it ships with many of its products.

In a Tuesday advisory, CA said an attacker could trigger the vulnerabilities by sending a rigged CAB file with an overly long filename to the antivirus engine.

If successful, the attacker would be able to execute malicious code with system-level privileges, or at the very least create a denial-of-service condition by crashing the machine, said CA, Islandia, N.Y.

Versions of the CA antivirus engine prior to 30.6 are vulnerable, CA said.

Affected products include: CA Antivirus for the Enterprise (r8 and r8.1); CA Antivirus 2007 (v8); CA Internet Security Suite 2007 (v3); CA Secure Content Manager 8.0; CA Anti-Virus Gateway 7.1; and BrightStor ARCserve Backup (r11.1).

CA gave the vulnerabilities its highest risk rating of 'high', while Symantec's Deepsight Threat Management System also slapped them with its highest severity rating, 10 out of 10.

The vulnerabilities were reported to CA by an anonymous researcher through TippingPoint's Zero Day Initiative, a controversial program that pays researchers for the security vulnerabilities they uncover.

