CA Issues Upgrade for WebScan Flaw

CA is recommending that users of its popular eTrust Antivirus WebScan upgrade to protect against flaws that can allow a remote attacker to execute arbitrary code or compromise the integrity of the WebScan software. 

In a posting to the full-disclosure security mailing list, Ken Williams, director of CA Vulnerability Research acknowledged two flaws in the free, Web-based virus scanner, versions prior to

According to the advisory, Antivirus WebScan and earlier fail to properly validate parameters. A second flaw is caused by a buffer overflow in WebScan. The antivirus scanner is affected when running on Microsoft Windows Internet Explorer 4.0 or above.

CA ranks the vulnerabilities as medium-risk and says exploitation is non-trivial.

Matt Murphy of the TippingPoint Security Research Team is credited with discovering the flaws.

About the Author

Shawna McAlearney is a senior web editor at Application Development Trends. She can be reached at [email protected].