CA Issues Upgrade for WebScan Flaw
- By Shawna McAlearney
CA is recommending that users of its popular eTrust Antivirus WebScan upgrade to protect against flaws that can allow a remote attacker to execute arbitrary code or compromise the integrity of the WebScan software.
In a posting to the full-disclosure security mailing list, Ken Williams, director of CA Vulnerability Research, acknowledged two flaws in the free, Web-based virus scanner, affecting versions prior to 220.127.116.118.
According to the advisory, Antivirus WebScan 18.104.22.1687 and earlier fail to properly validate parameters. A second flaw is caused by a buffer overflow in WebScan. The antivirus scanner is affected when running on Microsoft Windows Internet Explorer 4.0 or above.
CA ranks the vulnerabilities as medium-risk and says exploitation is non-trivial.
Matt Murphy of the TippingPoint Security Research Team is credited with discovering the flaws.