CA patches high-risk security hole

News

CA patches high-risk security hole

Antony Savvas

A “high-risk” security flaw in Computer Associates anti-virus products could put users at risk, the supplier has warned.

The flaw is in the scanning engine used in both enterprise and consumer products. CA said that an attacker could gain full control over a user’s PC by sending them a specially crafted Microsoft Office document.

CA rates the flaw as “high risk” because an attacker can gain full access to a computer system without any user interaction.

This year there have been major reported flaws in the security products of McAfee, Symantec, F-Secure and Trend Micro, many of them in scanning engines. 

Enterprise CA products affected include eTrust Antivirus, Intrusion Detection and Secure Content Manager.

CA said it was not aware of any exploits of the flaw in the wild. A patch is available from CA to counter the potential problem.

The company issued security patches to address buffer overflow vulnerabilities in its CA License software earlier this spring. CA License software is a component included in a number of its enterprise products operating on proprietary and open source platforms.

Buffer overflow vulnerabilities can allow malicious code to be inserted and executed remotely.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy