A “high-risk” security flaw in Computer Associates anti-virus products could put users at risk, the supplier has warned.
The flaw is in the scanning engine used in both enterprise and consumer products. CA said that an attacker could gain full control over a user’s PC by sending them a specially crafted Microsoft Office document.
CA rates the flaw as “high risk” because an attacker can gain full access to a computer system without any user interaction.
This year there have been major reported flaws in the security products of McAfee, Symantec, F-Secure and Trend Micro, many of them in scanning engines.
Enterprise CA products affected include eTrust Antivirus, Intrusion Detection and Secure Content Manager.
CA said it was not aware of any exploits of the flaw in the wild. A patch is available from CA to counter the potential problem.
The company issued security patches to address buffer overflow vulnerabilities in its CA License software earlier this spring. CA License software is a component included in a number of its enterprise products operating on proprietary and open-source platforms.
Buffer overflow vulnerabilities can allow malicious code to be inserted and executed remotely.