CA Issues Upgrade for WebScan Flaw
- By Shawna McAlearney
- August 4, 2006
CA is recommending that users of its popular eTrust Antivirus WebScan upgrade to protect against flaws that can allow a remote attacker to execute arbitrary code or compromise the integrity of the WebScan software.
In a posting to the full-disclosure security mailing list, Ken Williams, director of CA Vulnerability Research, acknowledged two flaws in the free, Web-based virus scanner, versions prior to 22.214.171.1248.
According to the advisory, Antivirus WebScan 126.96.36.1997 and earlier fail to properly validate parameters. A second flaw is caused by a buffer overflow in WebScan. The antivirus scanner is affected when running on Microsoft Windows Internet Explorer 4.0 or above.
CA ranks the vulnerabilities as medium-risk and says exploitation is non-trivial.
Matt Murphy of the TippingPoint Security Research Team is credited with discovering the flaws.
Shawna McAlearney is a senior web editor at Application Development Trends.