PCWorks: CA Multiple Products Vet Antivirus Engine Buffer Overflow

[Peter Kaulback]

For users of the Computer Associates security programs, ie. the free 
ant*v*rus tool shipped with the MS security update last year.

        
CA Multiple Products Vet Antivirus Engine Buffer Overflow
Secunia Advisory:       SA15470 Print Advisory
Release Date:   2005-05-24

Critical:       
Highly critical
Impact: System access
Where:  From remote
Solution Status:        Vendor Patch

Software:       BrightStor ARCserve Backup 11.x (for Windows)
eTrust Antivirus 6.x
eTrust Antivirus 7.x
eTrust EZ Antivirus 6.x
eTrust EZ Antivirus 7.x
eTrust EZ Armor 2.x
eTrust InoculateIT 6.x for Windows
eTrust Intrusion Detection 3.x
eTrust Secure Content Manager (SCM)

	Select a product and view a complete list of all Patched/Unpatched 
Secunia advisories affecting it.

Description:
Alex Wheeler has reported a vulnerability in various Computer Associates 
products, which can be exploited by malicious people to compromise a 
vulnerable system.

The vulnerability is caused due to an integer overflow in the Vet 
Antivirus Engine (VetE.dll) when analysing OLE streams. This can be 
exploited to cause a heap-based buffer overflow via e.g. a specially 
crafted Microsoft Office document.

Successful exploitation allows execution of arbitrary code.

The vulnerability affects the following products:
* CA InoculateIT 6.0 (all platforms, including Notes/Exchange)
* eTrust Antivirus r6.0 (all platforms, including Notes/Exchange)
* eTrust Antivirus r7.0 (all platforms, including Notes/Exchange)
* eTrust Antivirus r7.1 (all platforms, including Notes/Exchange)
* eTrust Antivirus for the Gateway r7.0 (all modules and platforms)
* eTrust Antivirus for the Gateway r7.1 (all modules and platforms)
* eTrust Secure Content Manager (all releases)
* eTrust Intrusion Detection (all releases)
* BrightStor ARCserve Backup (BAB) r11.1 Windows
* eTrust EZ Antivirus r6.2 - r7.0.5
* eTrust EZ Armor r1.0 - r2.4.4
* eTrust EZ Armor LE r2.0 - r3.0.0.14
* Vet Antivirus r10.66 and below

Solution:
Update to Vet engine 11.9.1 or later.

Provided and/or discovered by:
Alex Wheeler

Original Advisory:
Alex Wheeler:
http://www.rem0te.com/public/images/vet.pdf

CA:
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=32896


Peter Kaulback
--
--
I haven't failed, I've found 10,000 ways that don't work.

Thomas Edison (1847-1931)
============= PCWorks Mailing List =================
Don't see your post? Check our posting guidelines &
make sure you've followed proper posting procedures,
http://pcworkers.com/rules.htm
Contact list owner <[EMAIL PROTECTED]>
Unsubscribing and other changes: http://pcworkers.com
=====================================================