Forum Index
Home Forum Radio Memberlist Help Search Quick Links

It appears you have not yet registered with our community which limits what you can do & see. It's Free To register, please click here.



Forum Index » Internet » Security Alerts and vulnerabilities » Ca Multiple Products Buffer Overflow
Register Calendar Gallery Mark Forums Read

Security Alerts and vulnerabilities Lets keep abreast on the latest threats by posting those findings here..

Reply
 
Thread Tools Display Modes
  #1  
Old 05-24-2005, 03:43 PM
Mobo's Avatar
Mobo Mobo is offline
Thinking outside the box
  
Join Date: Sep 2004
Location: Cape Breton
Posts: 4,587
Send a message via ICQ to Mobo Send a message via AIM to Mobo Send a message via MSN to Mobo Send a message via Yahoo to Mobo Send a message via Skype™ to Mobo
Thumbs down
a vulnerability in various Computer Associates products, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to an integer overflow in the Vet Antivirus Engine (VetE.dll) when analysing OLE streams. This can be exploited to cause a heap-based buffer overflow via e.g. a specially crafted Microsoft Office document.

Successful exploitation allows execution of arbitrary code.

The vulnerability affects the following products:
* CA InoculateIT 6.0 (all platforms, including Notes/Exchange)
* eTrust Antivirus r6.0 (all platforms, including Notes/Exchange)
* eTrust Antivirus r7.0 (all platforms, including Notes/Exchange)
* eTrust Antivirus r7.1 (all platforms, including Notes/Exchange)
* eTrust Antivirus for the Gateway r7.0 (all modules and platforms)
* eTrust Antivirus for the Gateway r7.1 (all modules and platforms)
* eTrust Secure Content Manager (all releases)
* eTrust Intrusion Detection (all releases)
* BrightStor ARCserve Backup (BAB) r11.1 Windows
* eTrust EZ Antivirus r6.2 - r7.0.5
* eTrust EZ Armor r1.0 - r2.4.4
* eTrust EZ Armor LE r2.0 - r3.0.0.14
* Vet Antivirus r10.66 and below

Solution:
Update to Vet engine 11.9.1 or later.

Provided and/or discovered by:
Alex Wheeler

Original Advisory:
Alex Wheeler:
http://www.rem0te.com/public/images/vet.pdf
Reply With Quote
Posted


Reply

  • Submit Thread to Digg Digg
  • Submit Thread to del.icio.us del.icio.us
  • Submit Thread to StumbleUpon StumbleUpon
  • Submit Thread to Google Google
    • Bookmarks

    « Previous Thread | Next Thread »
    Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
     
    Thread Tools
    Display Modes
    Linear Mode Linear Mode

    Posting Rules
    You may not post new threads
    You may not post replies
    You may not post attachments
    You may not edit your posts
    BB code is On
    Smilies are On
    [IMG] code is On
    HTML code is Off
    Forum Jump

    Similar Threads
    Thread Thread Starter Forum Replies Last Post
    Mozilla Security Bypass and Buffer Overflow Mobo Security Alerts and vulnerabilities 1 12-10-2007 11:22 PM
    McAfee LHA File Handling Buffer Overflow Mobo Security Alerts and vulnerabilities 0 03-18-2005 04:44 PM
    multiple F-Secure products vulnerability Mobo Security Alerts and vulnerabilities 0 02-10-2005 09:02 PM
    Mozilla "MSG_UnEscapeSearchUrl()" Buffer Overflow Mobo Security Alerts and vulnerabilities 0 12-30-2004 11:16 PM
    Linux Zip Long Path Buffer Overflow Vulnerability Mobo Linux 0 11-05-2004 08:09 AM



    All times are GMT -5. The time now is 06:26 AM.

    Contact Us - CyberAnswers - Archive - Privacy Statement - Top

    Firefox 2