OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
[SA15470] CA Multiple Products Vet Antivirus Engine Buffer Overflow

From: Secunia Security Advisories (sec-advsecunia.com)
Date: Tue May 24 2005 - 05:21:52 CDT

----------------------------------------------------------------------

Bist Du interessiert an einem neuen Job in IT-Sicherheit?

Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT-
Sicherheit:
http://secunia.com/secunia_vacancies/

----------------------------------------------------------------------

TITLE:
CA Multiple Products Vet Antivirus Engine Buffer Overflow

SECUNIA ADVISORY ID:
SA15470

VERIFY ADVISORY:
http://secunia.com/advisories/15470/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
BrightStor ARCserve Backup 11.x (for Windows)
http://secunia.com/product/3099/
eTrust Antivirus 6.x
http://secunia.com/product/4088/
eTrust Antivirus 7.x
http://secunia.com/product/2198/
eTrust EZ Antivirus 6.x
http://secunia.com/product/4091/
eTrust EZ Antivirus 7.x
http://secunia.com/product/4338/
eTrust EZ Armor 2.x
http://secunia.com/product/4092/
eTrust InoculateIT 6.x for Windows
http://secunia.com/product/70/
eTrust Intrusion Detection 3.x
http://secunia.com/product/3390/
eTrust Secure Content Manager (SCM)
http://secunia.com/product/3391/

DESCRIPTION:
Alex Wheeler has reported a vulnerability in various Computer
Associates products, which can be exploited by malicious people to
compromise a vulnerable system.

The vulnerability is caused due to an integer overflow in the Vet
Antivirus Engine (VetE.dll) when analysing OLE streams. This can be
exploited to cause a heap-based buffer overflow via e.g. a specially
crafted Microsoft Office document.

Successful exploitation allows execution of arbitrary code.

The vulnerability affects the following products:
* CA InoculateIT 6.0 (all platforms, including Notes/Exchange)
* eTrust Antivirus r6.0 (all platforms, including Notes/Exchange)
* eTrust Antivirus r7.0 (all platforms, including Notes/Exchange)
* eTrust Antivirus r7.1 (all platforms, including Notes/Exchange)
* eTrust Antivirus for the Gateway r7.0 (all modules and platforms)
* eTrust Antivirus for the Gateway r7.1 (all modules and platforms)
* eTrust Secure Content Manager (all releases)
* eTrust Intrusion Detection (all releases)
* BrightStor ARCserve Backup (BAB) r11.1 Windows
* eTrust EZ Antivirus r6.2 - r7.0.5
* eTrust EZ Armor r1.0 - r2.4.4
* eTrust EZ Armor LE r2.0 - r3.0.0.14
* Vet Antivirus r10.66 and below

SOLUTION:
Update to Vet engine 11.9.1 or later.

PROVIDED AND/OR DISCOVERED BY:
Alex Wheeler

ORIGINAL ADVISORY:
Alex Wheeler:
http://www.rem0te.com/public/images/vet.pdf

CA:
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=32896

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories

----------------------------------------------------------------------