To print: Click here or Select File and then Print from your browser's menu

This story was printed from silicon.com, located at http://www.silicon.com/

Story URL: http://software.silicon.com/security/0,39024655,39130654,00.htm

Cyber attack flaw blights antivirus engine
CA takes aim at "high risk" bug

By Joris Evers

Published: Tuesday 24 May 2005

A high-risk security flaw in several of Computer Associates International's antivirus products could put users at risk of cyber attack, the software vendor warned on Monday.

The flaw lies in the scanning engine used in CA's enterprise and consumer antivirus products, the company said. An attacker could gain full control over a victim's PC by sending a specially crafted Microsoft Office document, according to a security advisory published on the CA website.

CA rates the issue "high risk" because an attacker can gain full access to a computer without any user interaction.

The flaw in CA's antivirus engine is the latest in a series of security bugs in antivirus software. During the past few months, problems have been found in products from F-Secure, McAfee, Symantec and Trend Micro.

Consumer products that contain the flawed engine include CA's eTrust EZ Antivirus and EZ Armor, a bundle that offers the antivirus product. Affected business products include eTrust Antivirus, Intrusion Detection and Secure Content Manager, according to the advisory.

Sam Curry, a vice president at CA in Islandia, New York, said the company publicly disclosed the security issue on Monday but had a patch available on 3 May.

The patch was made available to corporate customers, Curry said. "The consumer products are automatically being updated today," he said. CA counts between three million and four million consumers and about one million organisations as its antivirus customers, he said.

Consumers who are on more recent versions of EZ Antivirus and EZ Armor may find their products have already been automatically updated, CA said. Users should check if the antivirus engine in their product is version 11.9.1. If it is a lower number, a virus signature update should be done to get the patch, according to CA.

Users of older versions are advised to upgrade or follow the guidelines in CA's advisory.

CA is not aware of anyone actually using the latest vulnerability in its products to attack users, Curry said. "This vulnerability is still only a potential vulnerability. There are no known exploits in the wild yet," he said. "However, I would say it is only a matter of time."

Joris Evers writes for CNET News.com