CA patches high-risk security hole


CA patches high-risk security hole

Antony Savvas

A “high-risk” security flaw in Computer Associates anti-virus products could put users at risk, the supplier has warned.

The flaw is in the scanning engine used in both enterprise and consumer products. CA said that an attacker could gain full control over a user’s PC by sending them a specially crafted Microsoft Office document.

CA rates the flaw as “high risk” because an attacker can gain full access to a computer system without any user interaction.

This year there have been major reported flaws in the security products of McAfee, Symantec, F-Secure and Trend Micro, many of them in scanning engines. 

Enterprise CA products affected include eTrust Antivirus, Intrusion Detection and Secure Content Manager.

CA said it was not aware of any exploits of the flaw in the wild. A patch is available from CA to counter the potential problem.

The company issued security patches to address buffer overflow vulnerabilities in its CA License software earlier this spring. CA License software is a component included in a number of its enterprise products operating on proprietary and open source platforms.

Buffer overflow vulnerabilities can allow malicious code to be inserted and executed remotely.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy