CA takes aim at "high risk" bug
By Joris Evers
Published: 24 May 2005 08:35 GMT
A high-risk security flaw in several of Computer Associates International's antivirus products could put users at risk of cyber attack, the software vendor warned on Monday.
The flaw lies in the scanning engine used in CA's enterprise and consumer antivirus products, the company said. An attacker could gain full control over a victim's PC by sending a specially crafted Microsoft Office document, according to a security advisory published on the CA website.
CA rates the issue "high risk" because an attacker can gain full access to a computer without any user interaction.
The flaw in CA's antivirus engine is the latest in a series of security bugs in antivirus software. During the past few months, problems have been found in products from F-Secure, McAfee, Symantec and Trend Micro.
Consumer products that contain the flawed engine include CA's eTrust EZ Antivirus and EZ Armor, a bundle that offers the antivirus product. Affected business products include eTrust Antivirus, Intrusion Detection and Secure Content Manager, according to the advisory.
Sam Curry, a vice president at CA in Islandia, New York, said the company publicly disclosed the security issue on Monday but had a patch available on 3 May.
The patch was made available to corporate customers, Curry said. "The consumer products are automatically being updated today," he said. CA counts between three million and four million consumers and about one million organisations as its antivirus customers, he said.
Consumers who are on more recent versions of EZ Antivirus and EZ Armor may find their products have already been automatically updated, CA said. Users should check if the antivirus engine in their product is version 11.9.1. If it is a lower number, a virus signature update should be done to get the patch, according to CA.
Users of older versions are advised to upgrade or follow the guidelines in CA's advisory.
CA is not aware of anyone actually using the latest vulnerability in its products to attack users, Curry said. "This vulnerability is still only a potential vulnerability. There are no known exploits in the wild yet," he said. "However, I would say it is only a matter of time."
Joris Evers writes for CNET News.com
Apps Fundamentals,Net Apps SQL Administration and VMWare for Operators.Knowledge of Antivirus products and a working knowledge of IIS would be an ...
Basic awareness of computer based vulnerability analysis testing. Moderate awareness of computer based vulnerability analysis testing. Basic ...
You must have previous experience in a dedicated vulnerability management function where you have been responsible for all potential attacks on a ...
Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.
Stories from the web...
Copyright © 2008 CBS Interactive Limited. All rights reserved. Top of page
Digg
Slashdot
Del.icio.us
Stumble
Reddit
RSS Feeds
Bob Tarzey Why you must rein in your power users When they do damage, it can be catastrophic to your business
Jon Collins Is losing a mobile device really such a big deal? How to minimise the damage to your business